Описание
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues:
- CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597).
- CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599).
- CVE-2022-44572: Fixed a potential denial of service when parsing a Content-Disposition header (bsc#1207596).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
openSUSE Leap 15.4
ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.12.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.12.1
Ссылки
- Link for SUSE-SU-2023:0276-1
- E-Mail link for SUSE-SU-2023:0276-1
- SUSE Security Ratings
- SUSE Bug 1207596
- SUSE Bug 1207597
- SUSE Bug 1207599
- SUSE CVE CVE-2022-44570 page
- SUSE CVE CVE-2022-44571 page
- SUSE CVE CVE-2022-44572 page
Описание
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Ссылки
- CVE-2022-44570
- SUSE Bug 1207597
Описание
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Ссылки
- CVE-2022-44571
- SUSE Bug 1207599
Описание
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
Ссылки
- CVE-2022-44572
- SUSE Bug 1207596