Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-27539

Published: 22 March 2023

Possible Denial of Service Vulnerability in Rack’s header parsing

Priority

Medium

Status

Package Release Status
ruby-rack
Launchpad, Ubuntu, Debian 		bionic
Released (1.6.4-4ubuntu0.2+esm5)
Available with Ubuntu Pro
focal
Released (2.0.7-2ubuntu0.1+esm4)
Available with Ubuntu Pro
jammy
Released (2.1.4-5ubuntu1+esm4)
Available with Ubuntu Pro
kinetic Ignored
(end of life, was needs-triage)
lunar Ignored
(end of life, was needs-triage)
mantic
Released (2.2.4-3ubuntu0.1)
noble Not vulnerable
(2.2.7-1)
trusty
Released (1.5.2-3+deb8u3ubuntu1~esm7)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (2.2.6.4-1)
xenial
Released (1.6.4-3ubuntu0.2+esm5)
Available with Ubuntu Pro
Patches:
upstream: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
upstream: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading