ruby3.1-rubygem-rack-3.0.4.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12633-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ruby3.1-rubygem-rack-3.0.4.1-1.1 on GA media These are all security issues fixed in the ruby3.1-rubygem-rack-3.0.4.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12633 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-44570/ SUSE CVE CVE-2022-44570 page https://www.suse.com/security/cve/CVE-2022-44571/ SUSE CVE CVE-2022-44571 page https://www.suse.com/security/cve/CVE-2022-44572/ SUSE CVE CVE-2022-44572 page openSUSE Tumbleweed ruby3.1-rubygem-rack-3.0.4.1-1.1 ruby3.1-rubygem-rack-3.0.4.1-1.1 as a component of openSUSE Tumbleweed A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. CVE-2022-44570 openSUSE Tumbleweed:ruby3.1-rubygem-rack-3.0.4.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44570.html CVE-2022-44570 https://bugzilla.suse.com/1207597 SUSE Bug 1207597 There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. CVE-2022-44571 openSUSE Tumbleweed:ruby3.1-rubygem-rack-3.0.4.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44571.html CVE-2022-44571 https://bugzilla.suse.com/1207599 SUSE Bug 1207599 A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. CVE-2022-44572 openSUSE Tumbleweed:ruby3.1-rubygem-rack-3.0.4.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44572.html CVE-2022-44572 https://bugzilla.suse.com/1207596 SUSE Bug 1207596