ELA-785-1 ruby-rack security update

ReDoS vulnerability

2023-01-31
Package: ruby-rack
Version: 1.6.4-4+deb9u4 (stretch)
Related CVEs: CVE-2022-44570, CVE-2022-44571


A couple of ReDoS (regular expression denial of service) vulnerabilities were found in the multipart parser and in Rack::Utils.byte_ranges in ruby-rack, a modular Ruby webserver interface.



For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u4.

We recommend that you upgrade your ruby-rack packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.