61 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017658)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017658 advisory. Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that...
ruby4.0-rubygem-puma-6.4.3-1.5 on GA media (moderate)
Announcement ID: openSUSE-SU-2026:10357-1. Rating: moderate. Cross-References: CVE-2019-16770, CVE-2020-11076, CVE-2022-23634, CVE-2024-45614. CVSS scores: CVE-2019-16770 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2020-11076 (SUSE): 6.8...
openSUSE Security Advisory (SUSE-SU-2025:03467-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2025:03466-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03466-1 advisory. Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows clients to clobber proxy-set headers, which can lead to...
SUSE-SU-2025:03467-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows clients to clobber proxy-set headers, which can lead to information leaks (bsc#1230848, fixed in an earlier update). - CVE-2024-21647: unbounded resource...
SUSE-SU-2025:03466-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows clients to clobber proxy-set headers, which can lead to information leaks (bsc#1230848, fixed in an earlier update). - CVE-2024-21647: unbounded resource...
Fedora 38 : rubygem-puma (2022-7bc0f14a13)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7bc0f14a13 advisory. Automatic update for rubygem-puma-5.6.5-1.fc38. Changelog: Thu Aug 25 2022 Vít Ondruch - 5.6.5-1 - Update to Puma 5.6.5. Resolves: rhbz#2046576 Resolve...
OPENSUSE-SU-2024:14474-1 ruby3.3-rubygem-puma-6.4.3-1.1 on GA media
These are all security issues fixed in the ruby3.3-rubygem-puma-6.4.3-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2024:3644-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3644-1 advisory. - CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848). - CVE-2024-21647: Fixed DoS when parsing chunked...
Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848). CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies (bsc#1218638). Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2024:3644-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848). - CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies (bsc#1218638)...
CVE-2024-45614
A flaw was found in rubygem-puma. In affected versions, clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now discards any...
Fedora: Security Advisory (FEDORA-2024-c393b8b2fb)
The remote host is missing an update for the...
OPENSUSE-SU-2024:12032-1 ruby3.1-rubygem-puma-4-4.3.12-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-puma-4-4.3.12-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13166-1 ruby3.2-rubygem-puma-5-5.6.5-1.7 on GA media
These are all security issues fixed in the ruby3.2-rubygem-puma-5-5.6.5-1.7 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11847-1 ruby3.1-rubygem-puma-5.6.2-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-puma-5.6.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13721-1 ruby3.3-rubygem-puma-5-5.6.8-1.1 on GA media
These are all security issues fixed in the ruby3.3-rubygem-puma-5-5.6.8-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12900-1 ruby3.2-rubygem-puma-6.0.0-2.1 on GA media
These are all security issues fixed in the ruby3.2-rubygem-puma-6.0.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12592-1 ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-puma-5-5.6.5-1.1 package on the GA media of openSUSE Tumbleweed...
Fedora 40 : rubygem-puma (2024-c393b8b2fb)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c393b8b2fb advisory. Automatic update for rubygem-puma-6.4.2-1.fc40. Changelog: Tue Jan 9 2024 Vít Ondruch - 6.4.2-1 - Update to Puma 6.4.2. Resolves: rhbz#2134670 Resolves...