SUSE Security Update: Security update for rubygem-rack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0276-1
Rating:             moderate
References:         #1207596 #1207597 #1207599 
Cross-References:   CVE-2022-44570 CVE-2022-44571 CVE-2022-44572
                   
CVSS scores:
                    CVE-2022-44570 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-44571 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-44572 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.0
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.0
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for rubygem-rack fixes the following issues:

   - CVE-2022-44570: Fixed a potential denial of service when parsing a
     RFC2183 multipart boundary (bsc#1207597).
   - CVE-2022-44571: Fixed a potential denial of service when parsing a Range
     header (bsc#1207599).
   - CVE-2022-44572: Fixed a potential denial of service when parsing a
     Content-Disposition header (bsc#1207596).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-276=1

   - SUSE Linux Enterprise High Availability 15-SP4:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-276=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-276=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-276=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-276=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-rack-2.0.8-150000.3.12.1
      ruby2.5-rubygem-rack-doc-2.0.8-150000.3.12.1
      ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.12.1

   - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-rack-2.0.8-150000.3.12.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-rack-2.0.8-150000.3.12.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-rack-2.0.8-150000.3.12.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-rack-2.0.8-150000.3.12.1


References:

   https://www.suse.com/security/cve/CVE-2022-44570.html
   https://www.suse.com/security/cve/CVE-2022-44571.html
   https://www.suse.com/security/cve/CVE-2022-44572.html
   https://bugzilla.suse.com/1207596
   https://bugzilla.suse.com/1207597
   https://bugzilla.suse.com/1207599

openSUSE: 2023:0276-1: moderate: rubygem-rack Security Advisory Update

February 6, 2023
An update that fixes three vulnerabilities is now available.

Description

This update for rubygem-rack fixes the following issues: - CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597). - CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599). - CVE-2022-44572: Fixed a potential denial of service when parsing a Content-Disposition header (bsc#1207596).

 

Patch

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-276=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-276=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-276=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-276=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-276=1


Package List

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.12.1 ruby2.5-rubygem-rack-doc-2.0.8-150000.3.12.1 ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.12.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.12.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.12.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.12.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.12.1


References

https://www.suse.com/security/cve/CVE-2022-44570.html https://www.suse.com/security/cve/CVE-2022-44571.html https://www.suse.com/security/cve/CVE-2022-44572.html https://bugzilla.suse.com/1207596 https://bugzilla.suse.com/1207597 https://bugzilla.suse.com/1207599


Severity
Announcement ID: SUSE-SU-2023:0276-1
Rating: moderate
Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved