SUSE-SU-2025:1492-1

Опубликовано: 06 мая 2025

Источник: suse-cvrf

Описание

Security update for rubygem-rack-1_6

This update for rubygem-rack-1_6 fixes the following issues:

CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607)

Список пакетов

openSUSE Leap 15.6

ruby2.5-rubygem-rack-1_6-1.6.8-150000.3.6.1

ruby2.5-rubygem-rack-doc-1_6-1.6.8-150000.3.6.1

ruby2.5-rubygem-rack-testsuite-1_6-1.6.8-150000.3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20251492-1/
Link for SUSE-SU-2025:1492-1
https://lists.suse.com/pipermail/sle-updates/2025-May/039163.html
E-Mail link for SUSE-SU-2025:1492-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1238607
SUSE Bug 1238607
https://www.suse.com/security/cve/CVE-2025-27111/
SUSE CVE CVE-2025-27111 page

Описание

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.

Затронутые продукты

openSUSE Leap 15.6:ruby2.5-rubygem-rack-1_6-1.6.8-150000.3.6.1

openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-1_6-1.6.8-150000.3.6.1

openSUSE Leap 15.6:ruby2.5-rubygem-rack-testsuite-1_6-1.6.8-150000.3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-27111.html
CVE-2025-27111
https://bugzilla.suse.com/1238607
SUSE Bug 1238607

SUSE-SU-2025:1492-1

Описание

Список пакетов

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-27111

Описание

Затронутые продукты

Ссылки