ELA-278-1 ruby-rack security update

Debian 9921 Published 2020-09-05 07:16 by Philipp Esselbach

News

A ruby-rack security update has been released for Debian GNU/Linux 8 Extended LTS where an attacker can forge a secure or host-only cookie prefix.

ELA-278-1 ruby-rack security update

Package ruby-rack
Version 1.5.2-3+deb8u4
Related CVEs CVE-2020-8184

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

For Debian 8 jessie, these problems have been fixed in version 1.5.2-3+deb8u4.

We recommend that you upgrade your ruby-rack packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
ELA-278-1 ruby-rack security update

PCLinuxOS Review: This Classic Independent Linux Distribution is Definitely Worth a Look

Contentteller 3.0.1 released

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...

ELA-278-1 ruby-rack security update

Windows

Linux

macOS

Community