UBUNTU-CVE-2024-26146

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2024-26146

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-26146.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-26146

Related

Published

2024-02-29T00:15:00Z

Modified

2024-02-29T00:15:00Z

Summary

[none]

Details

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@1.5.2-3+deb8u3ubuntu1~esm8?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.2-3+deb8u3ubuntu1~esm8

Affected versions

1.*

1.5.2-1

1.5.2-1ubuntu0.1~esm1

1.5.2-3+deb8u3ubuntu1~esm2

1.5.2-3+deb8u3ubuntu1~esm3

1.5.2-3+deb8u3ubuntu1~esm4

1.5.2-3+deb8u3ubuntu1~esm6

1.5.2-3+deb8u3ubuntu1~esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "1.5.2-3+deb8u3ubuntu1~esm8",
            "librack-ruby": "1.5.2-3+deb8u3ubuntu1~esm8",
            "librack-ruby1.8": "1.5.2-3+deb8u3ubuntu1~esm8",
            "librack-ruby1.9.1": "1.5.2-3+deb8u3ubuntu1~esm8"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@1.6.4-3ubuntu0.2+esm6?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4-3ubuntu0.2+esm6

Affected versions

1.*

1.5.2-4

1.6.4-2

1.6.4-3

1.6.4-3ubuntu0.1

1.6.4-3ubuntu0.2

1.6.4-3ubuntu0.2+esm1

1.6.4-3ubuntu0.2+esm2

1.6.4-3ubuntu0.2+esm4

1.6.4-3ubuntu0.2+esm5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "1.6.4-3ubuntu0.2+esm6"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@1.6.4-4ubuntu0.2+esm6?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4-4ubuntu0.2+esm6

Affected versions

1.*

1.6.4-4

1.6.4-4ubuntu0.1

1.6.4-4ubuntu0.2

1.6.4-4ubuntu0.2+esm1

1.6.4-4ubuntu0.2+esm2

1.6.4-4ubuntu0.2+esm4

1.6.4-4ubuntu0.2+esm5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "1.6.4-4ubuntu0.2+esm6"
        }
    ]
}

Ubuntu:20.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.6-3

2.0.7-2

2.0.7-2ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.0.7-2ubuntu0.1+esm5?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.7-2ubuntu0.1+esm5

Affected versions

2.*

2.0.6-3

2.0.7-2

2.0.7-2ubuntu0.1

2.0.7-2ubuntu0.1+esm1

2.0.7-2ubuntu0.1+esm2

2.0.7-2ubuntu0.1+esm3

2.0.7-2ubuntu0.1+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "2.0.7-2ubuntu0.1+esm5"
        }
    ]
}

Ubuntu:22.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.4-3

2.1.4-4

2.1.4-5

2.1.4-5ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.1.4-5ubuntu1+esm5?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.4-5ubuntu1+esm5

Affected versions

2.*

2.1.4-3

2.1.4-4

2.1.4-5

2.1.4-5ubuntu1

2.1.4-5ubuntu1+esm2

2.1.4-5ubuntu1+esm3

2.1.4-5ubuntu1+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "2.1.4-5ubuntu1+esm5"
        }
    ]
}

Ubuntu:24.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.2.7-1ubuntu0.1?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.7-1ubuntu0.1

Affected versions

2.*

2.2.4-3

2.2.7-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ruby-rack": "2.2.7-1ubuntu0.1"
        }
    ]
}