Ubuntu Security Notice 4561-1 - It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie.
28ef3de904174b649936d692414682a56cecf83d39f38f6439d86a19b7efdea9
==========================================================================
Ubuntu Security Notice USN-4561-1
September 30, 2020
ruby-rack vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Rack could be made to expose sensitive information over the network.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2020-8161)
It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
ruby-rack 1.6.4-4ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4561-1
CVE-2020-8161, CVE-2020-8184
Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-4ubuntu0.2