
Test ID: 1.3.6.1.4.1.25623.1.1.10.2024.0123
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2024-0123)
Summary: The remote host is missing an update for the 'ruby-rack' package(s) announced via the MGASA-2024-0123 advisory.
Description:
Summary:
The remote host is missing an update for the 'ruby-rack' package(s) announced via the MGASA-2024-0123 advisory.

Vulnerability Insight:
Carefully crafted content type headers can cause Rack's media type
parser to take much longer than expected, leading to a possible denial
of service vulnerability (ReDoS, 2nd degree polynomial). (CVE-2024-25126)
Carefully crafted Range headers can cause a server to respond with an
unexpectedly large response. Responding with such large responses could
lead to a denial of service issue. Vulnerable applications will use the
`Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this
includes Rails applications). (CVE-2024-26141)
Carefully crafted headers can cause header parsing in Rack to take
longer than expected resulting in a possible denial of service issue.
Accept and Forwarded headers are impacted. (CVE-2024-26146)

Affected Software/OS:
'ruby-rack' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2024-25126
https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462
https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml
https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-26141
https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml
Common Vulnerability Exposure (CVE) ID: CVE-2024-26146
https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.