{"id":50712,"date":"2023-10-30T17:02:24","date_gmt":"2023-10-30T14:02:24","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/175399\/glsa-202310-18.txt"},"modified":"2023-10-31T08:42:04","modified_gmt":"2023-10-31T05:12:04","slug":"gentoo-linux-security-advisory-202310-18","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/gentoo-linux-security-advisory-202310-18\/","title":{"rendered":"Gentoo Linux Security Advisory 202310-18"},"content":{"rendered":"

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nGentoo Linux Security Advisory GLSA 202310-18
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nhttps:\/\/security.gentoo.org\/
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>\n

Severity: High
\nTitle: Rack: Multiple Vulnerabilities
\nDate: October 30, 2023
\nBugs: #884795
\nID: 202310-18<\/p>\n

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>\n

Synopsis
\n========<\/p>\n

Multiple vulnerabilities have been discovered in Rack, the worst of
\nwhich can lead to sequence injection in logging compontents.<\/p>\n

Background
\n==========<\/p>\n

Rack is a modular Ruby web server interface.<\/p>\n

Affected packages
\n=================<\/p>\n

Package Vulnerable Unaffected
\n————- ———— ————
\ndev-ruby\/rack < 2.2.3.1 >= 2.2.3.1<\/p>\n

Description
\n===========<\/p>\n

Multiple vulnerabilities have been discovered in Rack. Please review the
\nCVE identifiers referenced below for details.<\/p>\n

Impact
\n======<\/p>\n

A possible denial of service vulnerability was found in the multipart
\nparsing component of Rack.<\/p>\n

A sequence injection vulnerability was found which could allow a
\npossible shell escape in the Lint and CommonLogger components of Rack.<\/p>\n

Workaround
\n==========<\/p>\n

There is no known workaround at this time.<\/p>\n

Resolution
\n==========<\/p>\n

All Rack users should upgrade to the latest version:<\/p>\n

# emerge –sync
\n# emerge –ask –oneshot –verbose “>=dev-ruby\/rack-2.2.3.1”<\/p>\n

References
\n==========<\/p>\n[ 1 ] CVE-2022-30122
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30122
\n[ 2 ] CVE-2022-30123
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30123<\/p>\n

Availability
\n============<\/p>\n

This GLSA and any updates to it are available for viewing at
\nthe Gentoo Security Website:<\/p>\n

https:\/\/security.gentoo.org\/glsa\/202310-18<\/p>\n

Concerns?
\n=========<\/p>\n

Security is a primary focus of Gentoo Linux and ensuring the
\nconfidentiality and security of our users’ machines is of utmost
\nimportance to us. Any security concerns should be addressed to
\nsecurity@gentoo.org or alternatively, you may file a bug at
\nhttps:\/\/bugs.gentoo.org.<\/p>\n

License
\n=======<\/p>\n

Copyright 2023 Gentoo Foundation, Inc; referenced text
\nbelongs to its owner(s).<\/p>\n

The contents of this document are licensed under the
\nCreative Commons – Attribution \/ Share Alike license.<\/p>\n

https:\/\/creativecommons.org\/licenses\/by-sa\/2.5<\/p>\n","protected":false},"excerpt":{"rendered":"

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Gentoo Linux Security Advisory GLSA 202310-18 – – – – – – – – – – – – – …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-50712","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=50712"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50712\/revisions"}],"predecessor-version":[{"id":50753,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50712\/revisions\/50753"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=50712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=50712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=50712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}