UbuntuUpdates.org

Package "ruby-webrick"

Name: ruby-webrick

Description:

HTTP server toolkit in Ruby

Latest version: 1.7.0-3ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://github.com/ruby/webrick


Other versions of "ruby-webrick" in Jammy

Repository Area Version
updates main 1.7.0-3ubuntu0.2

Changelog

Version: 1.7.0-3ubuntu0.2 2025-08-21 17:43:02 UTC

  ruby-webrick (1.7.0-3ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: read_header HTTP Request Smuggling Vulnerability
    - debian/patches/CVE-2025-6442-pre1.patch: fix ReDoS parse_header in
      lib/webrick/httputils.rb.
    - debian/patches/CVE-2025-6442-pre2.patch: fix ReDoS split_header_value
      in lib/webrick/httputils.rb.
    - debian/patches/CVE-2025-6442-pre3.patch: merge multiple cookie
      headers, preserving semantic correctness in
      lib/webrick/httprequest.rb, lib/webrick/httputils.rb,
      test/webrick/test_httprequest.rb.
    - debian/patches/CVE-2025-6442.patch: require CRLF line endings in
      request line and headers in lib/webrick/httprequest.rb,
      lib/webrick/httputils.rb, test/webrick/test_filehandler.rb,
      test/webrick/test_httprequest.rb.
    - CVE-2025-6442

 -- Marc Deslauriers <email address hidden> Thu, 14 Aug 2025 14:52:45 -0400

CVE-2025-6442 Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affec

Version: 1.7.0-3ubuntu0.1 2024-10-08 13:07:00 UTC

  ruby-webrick (1.7.0-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP request smuggling via both a Content-Length
    header and a Transfer-Encoding header
    - debian/patches/CVE-2024-47220.patch: check for both headers in
      lib/webrick/httprequest.rb, test/webrick/test_httprequest.rb.
    - CVE-2024-47220

 -- Marc Deslauriers <email address hidden> Fri, 04 Oct 2024 07:57:18 -0400

CVE-2024-47220 An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and


