Advisories » MGASA-2015-0346

Updated ruby-rack packages fix CVE-2015-3225

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3225

Description

Updated ruby-rack packages fix security vulnerability:

lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a
denial of service (SystemStackError) via a request with a large parameter
depth (CVE-2015-3225).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16220
• https://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225

SRPMS

5/core

• ruby-rack-1.5.2-7.1.mga5

4/core

• ruby-rack-1.5.2-5.1.mga4