SUSE-SU-2023:0725-1

Опубликовано: 14 мар. 2023

Источник: suse-cvrf

Описание

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues:

CVE-2023-27530: Fixed denial of service in Multipart MIME parsing (bsc#1209095).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-EC2-HVM

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP3-SAP-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP3-SAP-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-BYOS-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP4-SAP-Hardened-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Azure-3P

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-BYOS-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Hardened-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Hardened-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP5-SAP-Hardened-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-BYOS-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-BYOS

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-EC2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP6-SAP-Hardened-GCE

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

SUSE Linux Enterprise High Availability Extension 15 SP1

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

SUSE Linux Enterprise High Availability Extension 15 SP2

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

SUSE Linux Enterprise High Availability Extension 15 SP3

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

SUSE Linux Enterprise High Availability Extension 15 SP4

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

openSUSE Leap 15.4

ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

ruby2.5-rubygem-rack-doc-2.0.8-150000.3.15.1

ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.15.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230725-1/
Link for SUSE-SU-2023:0725-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014032.html
E-Mail link for SUSE-SU-2023:0725-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209095
SUSE Bug 1209095
https://www.suse.com/security/cve/CVE-2023-27530/
SUSE CVE CVE-2023-27530 page

Описание

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-27530.html
CVE-2023-27530
https://bugzilla.suse.com/1209095
SUSE Bug 1209095

SUSE-SU-2023:0725-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-BYOS

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-EC2

Image SLES15-SP4-SAP-Hardened-GCE

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-EC2

Image SLES15-SP5-SAP-Hardened-GCE

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

SUSE Linux Enterprise High Availability Extension 15 SP1

SUSE Linux Enterprise High Availability Extension 15 SP2

SUSE Linux Enterprise High Availability Extension 15 SP3

SUSE Linux Enterprise High Availability Extension 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-27530

Описание

Затронутые продукты

Ссылки