
A ruby-rack security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue that could possibly result in a denial of service attack vector.



ELA-936-1 ruby-rack security update

Package : ruby-rack
Version : 1.6.4-4+deb9u5 (stretch)

Related CVEs :
CVE-2023-27539

It was found that carefully crafted input can cause header parsing in
Rack, a modular Ruby webserver interface, to take an unexpected amount of time,
possibly resulting in a denial of service attack vector. Any application that
parses headers using Rack (virtually all Rails applications) is impacted.
