ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12878 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 on GA media These are all security issues fixed in the ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12878 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12878 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-23633/ SUSE CVE CVE-2022-23633 page openSUSE Tumbleweed ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 as a component of openSUSE Tumbleweed Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. CVE-2022-23633 openSUSE Tumbleweed:ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23633.html CVE-2022-23633 https://bugzilla.suse.com/1196182 SUSE Bug 1196182