Advisories ยป MGASA-2015-0346

Updated ruby-rack packages fix CVE-2015-3225

Publication date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3225

Description

Updated ruby-rack packages fix security vulnerability:

lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a
denial of service (SystemStackError) via a request with a large parameter
depth (CVE-2015-3225).
                

References

SRPMS

5/core

4/core