Debian Security Advisory

DLA-254-1 librack-ruby -- LTS security update

Date Reported:
26 Jun 2015
Affected Packages:
librack-ruby
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-3225.
More information:

There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface.

Carefully crafted requests can trigger a `SystemStackError` and thereby cause a denial of service: parameter normalization recursed once per nested key segment (`a[b][c]...`) without a sensible limit on the nesting depth, so a request with a sufficiently deeply nested parameter name exhausted the interpreter stack.
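To make the mechanism concrete, the following is an added example, not code from Rack, Debian or this advisory: a minimal Rack-style nested-parameter normalizer in which each `[...]` segment of a key costs one level of recursion, with an explicit depth limit so that a crafted key is rejected with `RangeError` instead of driving the recursion until the stack is exhausted. The function names, the `PARAM_DEPTH_LIMIT` constant, its value and the sample query strings are assumptions made for this illustration.

```ruby
# Added example (not Rack's or Debian's code): a Rack-style nested-parameter
# normalizer with a nesting-depth limit. Names, the limit value and the sample
# inputs below are assumptions for illustration.
require 'cgi'

# Assumed cap on how deeply "a[b][c]..." keys may nest before a request is rejected.
PARAM_DEPTH_LIMIT = 100

# Recursively place +value+ under the bracket-delimited key +name+ in +params+.
# Every "[...]" segment is one more recursive call, and the request supplies
# the segments, so +depth_limit+ bounds attacker-controlled recursion.
def normalize_params(params, name, value, depth_limit = PARAM_DEPTH_LIMIT, depth = 0)
  raise RangeError, "parameter nesting deeper than #{depth_limit}" if depth > depth_limit

  name =~ /\A[\[\]]*([^\[\]]+)\]*/
  key   = $1 || ''
  after = $' || ''
  return params if key.empty?

  if after.empty?
    params[key] = value                       # plain scalar: a=1
  elsif after == '[]'
    params[key] ||= []                        # array element: d[]=3
    raise TypeError, "expected Array for '#{key}'" unless params[key].is_a?(Array)
    params[key] << value
  else
    params[key] ||= {}                        # nested hash: b[c]=2, one level deeper
    raise TypeError, "expected Hash for '#{key}'" unless params[key].is_a?(Hash)
    normalize_params(params[key], after, value, depth_limit, depth + 1)
  end
  params
end

# Parse a URL-encoded query string into a nested Hash, applying the depth
# limit to every key.
def parse_nested_query(query, depth_limit = PARAM_DEPTH_LIMIT)
  params = {}
  (query || '').split(/[&;] */).each do |pair|
    next if pair.empty?
    key, val = pair.split('=', 2)
    key = CGI.unescape(key)
    val = CGI.unescape(val) if val
    normalize_params(params, key, val, depth_limit)
  end
  params
end

# Constructed inputs: an ordinary form submission, and a key nested far beyond
# anything a legitimate form produces (the shape behind the unbounded recursion).
BENIGN_QUERY  = 'a=1&b[c]=2&d[]=3&d[]=4'
CRAFTED_QUERY = 'a' + '[a]' * 5_000 + '=x'

# Report :ok or :rejected so the outcome can be checked without crashing.
def classify(query, depth_limit = PARAM_DEPTH_LIMIT)
  parse_nested_query(query, depth_limit)
  :ok
rescue RangeError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  p parse_nested_query(BENIGN_QUERY)
  p classify(BENIGN_QUERY)   # => :ok
  p classify(CRAFTED_QUERY)  # => :rejected
end
```

With the limit in place the crafted key is refused after a hundred-odd frames; removing the `depth > depth_limit` check restores the behaviour the advisory describes, where the only thing stopping the recursion is the interpreter stack. A web framework should turn the `RangeError` into a 400 response rather than letting it propagate as a 500.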

We recommend that you update your librack-ruby packages.