A ruby-rack security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue possibly resulting in a denial of service attack vector.
ELA-936-1 ruby-rack security update
Package : ruby-rack
Version : 1.6.4-4+deb9u5 (stretch)
Related CVEs :
CVE-2023-27539
It was found that carefully crafted input can cause header parsing in
Rack, a modular Ruby webserver interface, to take an unexpected amount of time,
possibly resulting in a denial of service attack vector. Any applications that
parse headers using Rack (virtually all Rails applications) are impacted.