Debian 10261 Published by

A ruby-excon security update has been released for Debian GNU/Linux 8 LTS to address a race condition around persistent connections.



Package : ruby-excon
Version : 0.33.0-2+deb8u1
CVE ID : CVE-2019-16779
Debian Bug : 946904

In RubyGem excon before 0.71.0, there was a race condition around
persistent connections, where a connection which is interrupted (such
as by a timeout) would leave data on the socket. Subsequent requests
would then read this data, returning content from the previous response.

For Debian 8 "Jessie", this problem has been fixed in version
0.33.0-2+deb8u1.

We recommend that you upgrade your ruby-excon packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS