Debian Security Advisory
DLA-254-1 librack-ruby -- LTS security update
- Date Reported:
- 26 Jun 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3225.
- More information:
There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface.
Carefully crafted requests can cause a `SystemStackError` and cause a denial of service attack by exploiting the lack of a sensible depth check when doing parameter normalization.
We recommend that you update your librack-ruby packages.