RHEL 8 : pcs (RHSA-2023:3403)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3403 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial ...

pcs security and bug fix update

An update is available for pcs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...

RLSA-2023:2652 Important: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack: Regression of CVE-2023-28154 fixes in the Rocky Linux CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of...

RLSA-2023:3082 Moderate: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of service in header parsing CVE-2023-27539 For more details about the security...

rubygem-rack: denial of service in header parsing

A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...

RHEL 9 : pcs (RHSA-2023:2652)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2652 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack:...

Important: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Important: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack: Regression of CVE-2023-28154 fixes in the AlmaLinux CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of...

Moderate: Red Hat Security Advisory: Logging Subsystem 5.6.5 - Red Hat OpenShift security update

Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

rubygem-rack: denial of service in header parsing

A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...

Moderate: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE-SU-2023:1869-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2023-27539: Fixed denial of service in header parsing bsc1209503...

SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:1685-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1685-1 advisory. - The Ruby on Rails advisory describes this vulnerability as follows: CVE-2023-27539 Note that Nessus has not tested for this issue but ha...

SUSE-SU-2023:1685-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2023-27539: Fixed denial of service in header parsing bsc1209503...

RHEL 7 : Red Hat Gluster Storage web-admin-build (RHSA-2023:1486)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1486 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python...

CVE-2023-27539

A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. Mitigation Setting Regexp.timeout in Ruby 3.2 is a possible workaround...

SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0725-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0725-1 advisory. - A DoS vulnerability exists in Rack v3.0.4.2, v2.2.6.3, v2.1.4.3 and v2.0.9.3 within in the Multipart MIME parsing code in which could...

SUSE-SU-2023:0725-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2023-27530: Fixed denial of service in Multipart MIME parsing bsc1209095...

CVE-2023-27530

A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than...