[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 254-1] librack-ruby security update

Package        : librack-ruby
Version        : 1.1.0-4+squeeze3
CVE ID         : CVE-2015-3225

There is a potential denial of service vulnerability in Rack, a modular
Ruby webserver interface.

Carefully crafted requests can cause a `SystemStackError` and cause a
denial of service attack by exploiting the lack of a sensible depth
check when doing parameter normalization.

We recommend that you update your librack-ruby packages.

Attachment: signature.asc
Description: Digital signature

Reply to: