Bugzilla – Bug 1220239
VUL-0: CVE-2024-25126: rubygem-rack,rubygem-rack-1_4,rubygem-rack-1_6: rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing
Last modified: 2024-04-08 12:31:20 UTC
There is a possible denial of service vulnerability in the content type parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2024-25126. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25126 https://bugzilla.redhat.com/show_bug.cgi?id=2265593 Patch: https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
Tracking as affected: - openSUSE:Factory/rubygem-rack - SUSE:SLE-15:Update/rubygem-rack
(In reply to Andrea Mattiazzo from comment #1) > Tracking as affected: > - openSUSE:Factory/rubygem-rack > - SUSE:SLE-15:Update/rubygem-rack Tracking also as affected: - SUSE:SLE-12:Update/rubygem-rack-1_4 - SUSE:SLE-12:Update/rubygem-rack Additional reference: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
Submit into devel project: https://build.opensuse.org/request/show/1152288
Submitted for 15,12/rubygem-rack and 12/rubygem-rack-1_4. I believe all fixed.
SUSE-SU-2024:0765-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1220239, 1220242, 1220248 CVE References: CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 Sources used: openSUSE Leap 15.5 (src): rubygem-rack-2.0.8-150000.3.21.2 SUSE Linux Enterprise High Availability Extension 15 SP2 (src): rubygem-rack-2.0.8-150000.3.21.2 SUSE Linux Enterprise High Availability Extension 15 SP3 (src): rubygem-rack-2.0.8-150000.3.21.2 SUSE Linux Enterprise High Availability Extension 15 SP4 (src): rubygem-rack-2.0.8-150000.3.21.2 SUSE Linux Enterprise High Availability Extension 15 SP5 (src): rubygem-rack-2.0.8-150000.3.21.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0946-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1220239, 1220242, 1220248 CVE References: CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 Maintenance Incident: [SUSE:Maintenance:33004](https://smelt.suse.de/incident/33004/) Sources used: Containers Module 12 (src): rubygem-rack-1_4-1.4.5-9.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1131-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1220239, 1220242, 1220248 CVE References: CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 Maintenance Incident: [SUSE:Maintenance:32805](https://smelt.suse.de/incident/32805/) Sources used: SUSE OpenStack Cloud Crowbar 8 (src): rubygem-rack-1.6.13-3.22.1 SUSE OpenStack Cloud Crowbar 9 (src): rubygem-rack-1.6.13-3.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.