USN-4561-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-4561-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4561-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4561-2

Related

Published

2021-04-06T11:13:44.383235Z

Modified

2021-04-06T11:13:44.383235Z

Summary

ruby-rack vulnerabilities

Details

USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10.

Original advisory details:

It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8161)

It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184)

References

Affected packages

Ubuntu:16.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@1.6.4-3ubuntu0.2?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4-3ubuntu0.2

Affected versions

1.*

1.5.2-4

1.6.4-2

1.6.4-3

1.6.4-3ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "ruby-rack": "1.6.4-3ubuntu0.2"
        }
    ]
}

Ubuntu:20.04:LTS / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/ubuntu/ruby-rack@2.0.7-2ubuntu0.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.7-2ubuntu0.1

Affected versions

2.*

2.0.6-3

2.0.7-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "ruby-rack": "2.0.7-2ubuntu0.1"
        }
    ]
}