Debian Security Advisory

DLA-254-1 librack-ruby -- LTS security update

Date Reported:
26 Jun 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-3225.
More information:

There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface.

Carefully crafted requests can cause a `SystemStackError` and cause a denial of service attack by exploiting the lack of a sensible depth check when doing parameter normalization.

We recommend that you update your librack-ruby packages.