USN-7036-1: Rack vulnerabilities

Read Time:1 Minute, 58 Second

It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)

It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the application. (CVE-2022-30123)

It was discovered that Rack did not properly structure regular expressions
in some of its parsing components, which could result in uncontrolled
resource consumption if an application using Rack received specially
crafted input. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions
in its multipart parsing component, which could result in uncontrolled
resource consumption if an application using Rack to parse multipart posts
received specially crafted input. A remote attacker could possibly use
this issue to cause a denial of service. (CVE-2022-44572)

It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2023-27530)

It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)

It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-25126)

It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create
large responses, leading to a denial of service. (CVE-2024-26141)

It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-26146)

Man Arrested Over UK Railway Station Wi-Fi Hack

Russian Hackers Target Ukrainian Servicemen via Messaging Apps

Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth

Over a Third of Employees Secretly Sharing Work Info with AI

CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack

Cybercriminals Hack UK Rail Network Wi-Fi

First Mobile Crypto Drainer Found on Google Play

aws-2020-12.1.fc39

aws-2020-16.1.fc40

Ivanti Virtual Traffic Manager (vTM ) Authentication Bypass Vulnerability (CVE-2024-7593)

cups-2.4.10-7.fc39 cups-browsed-2.0.1-3.fc39 libcupsfilters-2.1~b1-3.fc39 libppd-2.1~b1-2.fc39

cups-2.4.10-7.fc40 cups-browsed-2.0.1-3.fc40 libcupsfilters-2.1~b1-3.fc40 libppd-2.1~b1-2.fc40

cups-2.4.10-7.fc41 cups-browsed-2.0.1-3.fc41 libcupsfilters-2.1~b1-3.fc41 libppd-2.1~b1-2.fc41