February 8, 2013: Rack Vulnerabilities CVE-2013-0263/CVE-2013-0262

Friday February 8, 2013 7:39am PST/ 3:39pm UTC

We have now added a Security Forums section so please follow the link here to subscribe (must be logged in):  

https://support.cloud.engineyard.com/forums/21767621-Security-Updates 

The following article has been posted:

https://support.cloud.engineyard.com/entries/23128773-February-8-2013-Rack-Vulnerabilities-CVE-2013-0263-CVE-2013-0262

Rack Vulnerability

It was brought to our attention that there have been two recent Rack Vulnerabilities via http://rack.github.com/.

CVE-2013-0263:

  • Affected Versions: All Previous Versions
  • Fixed Versions: 1.1.6, 1.2.8, 1.3.10, 1.4.5, 1.5.2

CVE-2013-0262:

  • Versions affected: All versions after 1.4.0
  • Versions fixed: 1.4.5, 1.5.2

What should I do?

Check your Gemfile and Gemfile.lock for vulnerable versions of rack, and if you are using one, update it immediately.

You can update each of these by using "bundle update rack".

Comments

0 comments

Article is closed for comments.