-------------------------------------------------------------------------
Debian LTS Advisory DLA-2719-1                [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
July 23, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-actionpack-page-caching
Version        : 1.0.2-4+deb9u1
CVE ID         : CVE-2020-8159
Debian Bug     : 960680

ooooooo_q discovered that the actionpack_page-caching Ruby gem, a static
page caching module for Rails, allows an attacker to write arbitrary files
to a web server, potentially resulting in remote code execution if the
attacker can write unescaped ERB to a view.

For Debian 9 stretch, this problem has been fixed in version
1.0.2-4+deb9u1.

We recommend that you upgrade your ruby-actionpack-page-caching packages.

For the detailed security status of ruby-actionpack-page-caching please
refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-actionpack-page-caching

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
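
One way to check a host against the fixed version named above, as an added example that is not part of the Debian advisory. The function names are made up for illustration, and the version threshold is only meaningful on Debian 9 stretch.

```sh
#!/bin/sh
# Added example (not from the advisory): report whether the installed
# ruby-actionpack-page-caching package is older than the DLA-2719-1 fix.
# Assumption: the host runs Debian 9 (stretch); other releases carry
# different fixed versions and need their own threshold.
PKG=ruby-actionpack-page-caching
FIXED=1.0.2-4+deb9u1

# classify_version VERSION -> prints "vulnerable" or "fixed".
# dpkg's own comparison is used so that suffixes such as "+deb9u1"
# and epochs are ordered by Debian version rules, not as plain strings.
classify_version() {
    if dpkg --compare-versions "$1" lt "$FIXED"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# installed_status -> prints "not-installed", "vulnerable" or "fixed".
installed_status() {
    # A package in state "rc" (removed, config files kept) still reports
    # a version, so require the "ii" (fully installed) status prefix.
    line=$(dpkg-query -W -f='${db:Status-Abbrev} ${Version}\n' "$PKG" 2>/dev/null) || {
        echo not-installed
        return 0
    }
    case $line in
        ii*) classify_version "${line##* }" ;;
        *)   echo not-installed ;;
    esac
}

echo "$PKG: $(installed_status) (fixed in $FIXED)"
```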
