Security vulnerabilities in the ruby-rack software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4561-1
September 30, 2020

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Rack could be made to expose sensitive information over the network.

Software Description:
– ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2020-8161)

It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
ruby-rack 1.6.4-4ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4561-1
CVE-2020-8161, CVE-2020-8184

Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-4ubuntu0.2

  • Author: Toni Vugdelija
  • CERT ID: NCERT-REF-2020-10-0001-ADV
  • CVE: CERT-CVE-DUMMY
  • Original ID: CERT-ORIGID-DUMMY
  • Product: CERT-DUMMY-PRODUCT
  • Source: Adobe