
Ubuntu alert USN-7057-2 (ruby-webrick)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:  [USN-7057-2] WEBrick vulnerability
Date:  Tue, 08 Oct 2024 12:40:54 -0400
Message-ID:  <4d94e8d0-b990-4dfc-bb0b-ccc8bc2cc669@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7057-2
October 08, 2024

ruby-webrick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

WEBrick could allow a HTTP request smuggling attack.

Software Description:
- ruby-webrick: HTTP server toolkit in Ruby

Details:

USN-7057-1 fixed a vulnerability in WEBrick. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

 It was discovered that WEBrick incorrectly handled having both a
 Content-Length header and a Transfer-Encoding header. A remote attacker
 could possibly use this issue to perform a HTTP request smuggling attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  ruby-webrick                    1.7.0-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7057-2
  https://ubuntu.com/security/notices/USN-7057-1
  CVE-2024-47220

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-webrick/1.7.0-3...
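
The header combination named in the advisory details can be checked for before a request is forwarded to a back end. The Ruby sketch below is an added example, not code from the advisory or from WEBrick; it also flags conflicting duplicate Content-Length headers, which goes beyond the case the advisory names. The function names, the host example.test and the sample requests are constructed for illustration.

```ruby
# Added example: report request heads whose body framing is ambiguous.

# Parse a raw HTTP/1.1 request head into [name, value] pairs.
# Field names are lowercased because HTTP header names are case-insensitive.
def parse_header_fields(raw_head)
  lines = raw_head.split(/\r?\n/)
  lines.shift # drop the request line
  # Stop at the blank line that ends the header section.
  lines.take_while { |l| !l.empty? }.filter_map do |line|
    name, value = line.split(":", 2)
    next if value.nil? # not a "name: value" line
    [name.downcase, value.strip]
  end
end

# Return the list of framing problems found; an empty list means the head
# declares the body length in only one way.
def framing_problems(raw_head)
  fields  = parse_header_fields(raw_head)
  lengths = fields.select { |n, _| n == "content-length" }.map(&:last)
  codings = fields.select { |n, _| n == "transfer-encoding" }.map(&:last)
  problems = []
  # The case from the advisory: both framing headers on one request.
  problems << :content_length_with_transfer_encoding if lengths.any? && codings.any?
  # Generalization: repeated Content-Length headers that disagree.
  problems << :conflicting_content_length if lengths.uniq.size > 1
  problems
end

# Constructed sample request heads (no bodies), keyed by a descriptive label.
BASE = "POST /upload HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
  "plain_post"   => BASE + "Content-Length: 5\r\n\r\n",
  "chunked_post" => BASE + "Transfer-Encoding: chunked\r\n\r\n",
  "both_headers" => BASE + "Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
  "mixed_case"   => BASE + "content-length: 5\r\nTRANSFER-ENCODING: chunked\r\n\r\n",
  "two_lengths"  => BASE + "Content-Length: 5\r\nContent-Length: 9\r\n\r\n"
}.freeze

SAMPLES.each do |label, head|
  problems = framing_problems(head)
  verdict  = problems.empty? ? "forward" : "reject #{problems.inspect}"
  puts "#{label}: #{verdict}"
end
```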






Copyright © 2025, Eklektix, Inc.