It was discovered that HtmlCleaner incorrectly handled certain html
documents. An attacker could possibly use this issue to cause a denial
of service via application crash.
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11076)
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11077)
Jean Boussier discovered that Puma might not always release resources
properly after handling HTTP requests. A remote attacker could possibly
use this issue to read sensitive information. (CVE-2022-23634)
It was discovered that Puma incorrectly handled certain malformed headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2022-24790)
Ben Kallus discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2023-40175)
Bartek Nowotarski discovered that Puma incorrectly handled parsing certain
encoded content. A remote attacker could possibly use this to cause a
denial of service. (CVE-2024-21647)
Update to 3.3.0
Remove network-scripts subpackage starting from Fedora 40
Backport a simple fix to avoid “SSL db: implementation” test to fail
It also indirectly fix CVE-2023-3966 and CVE-2023-5366
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.