Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.6837.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6837-1)
Summary:	The remote host is missing an update for the 'ruby-rack' package(s) announced via the USN-6837-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ruby-rack' package(s) announced via the USN-6837-1 advisory. Vulnerability Insight: It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-27530) It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. (CVE-2024-25126) It was discovered that Rack incorrectly handled certain Range headers. A remote attacker could possibly use this issue to cause Rack to create large responses, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-26141) It was discovered that Rack incorrectly handled certain crafted headers. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-26146) Affected Software/OS: 'ruby-rack' package(s) on Ubuntu 23.10, Ubuntu 24.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-27530 Debian Security Information: DSA-5530 (Google Search) https://www.debian.org/security/2023/dsa-5530 https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2024-25126 https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462 https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49 https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2024-26141 https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9 https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml Common Vulnerability Exposure (CVE) ID: CVE-2024-26146 https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716 https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582 https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.