SUSE-SU-2022:2192-1

Details

This update for rubygem-rack fixes the following issues:

CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)
CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)

Affected Packages

SUSE:Linux Enterprise High Availability Extension 15ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP1ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP1rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP2ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP2rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP3ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP3rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP4ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

SUSE:Linux Enterprise High Availability Extension 15 SP4rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.3ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.3ruby2.5-rubygem-rack-doc

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.3ruby2.5-rubygem-rack-testsuite

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.3rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.4ruby2.5-rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.4ruby2.5-rubygem-rack-doc

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.4ruby2.5-rubygem-rack-testsuite

Fixed in:

2.0.8-150000.3.6.1

openSUSE:Leap 15.4rubygem-rack

Fixed in:

2.0.8-150000.3.6.1

References

REPORThttps://bugzilla.suse.com/1200748 REPORThttps://bugzilla.suse.com/1200750 WEBhttps://www.suse.com/security/cve/CVE-2022-30122 WEBhttps://www.suse.com/security/cve/CVE-2022-30123 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20222192-1/

SUSE-SU-2022:2192-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline