A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "ruby-rack": "1.5.2-3+deb8u3ubuntu1~esm6", "librack-ruby": "1.5.2-3+deb8u3ubuntu1~esm6", "librack-ruby1.8": "1.5.2-3+deb8u3ubuntu1~esm6", "librack-ruby1.9.1": "1.5.2-3+deb8u3ubuntu1~esm6" } ] }