Ubuntu alert USN-7695-1 (ruby-sidekiq)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7695-1] Sidekiq vulnerabilities
Date: Thu, 14 Aug 2025 08:25:14 +0000
Message-ID: <E1umTGs-0000ua-No@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7695-1
August 14, 2025

ruby-sidekiq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Sidekiq.

Software Description:
- ruby-sidekiq: Simple, efficient background processing for Ruby

Details:

Anas Roubi discovered that Sidekiq did not correctly sanitize certain
inputs. An attacker could possibly use this issue to execute a cross-site
scripting (XSS) attack. This issue only affected Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS. (CVE-2021-30151)

It was discovered that Sidekiq did not correctly bound certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-23837)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  ruby-sidekiq                    6.3.1+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ruby-sidekiq                    5.2.7+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ruby-sidekiq                    5.0.4+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7695-1
  CVE-2021-30151, CVE-2022-23837