Описание
Security update for rubygem-puma
This update for rubygem-puma fixes the following issues:
- CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers (bsc#1214425).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP5
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
openSUSE Leap 15.4
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1
openSUSE Leap 15.5
ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1
Ссылки
- Link for SUSE-SU-2023:3957-1
- E-Mail link for SUSE-SU-2023:3957-1
- SUSE Security Ratings
- SUSE Bug 1214425
- SUSE CVE CVE-2023-40175 page
Описание
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.12.1
Ссылки
- CVE-2023-40175
- SUSE Bug 1214425