[SECURITY] Fedora 28 Update: rubygem-rack-2.0.4-4.fc28

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-02e965a729 2018-11-28 02:44:22.549689 -------------------------------------------------------------------------------- Name : rubygem-rack Product : Fedora 28 Version : 2.0.4 Release : 4.fc28 URL : http://rack.github.io/ Summary : A modular Ruby webserver interface Description : Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. -------------------------------------------------------------------------------- Update Information: * Buffer size in multipart parser allows for denial of service (CVE-2018-16470). * Cross-site scripting (XSS) via `scheme` method on `Rack::Request` (CVE-2018-16471). -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 12 2018 V��t Ondruch <vondruch(a)redhat.com&gt; - 1:2.0.4-4 - Buffer size in multipart parser allows for denial of service (CVE-2018-16470). - Cross-site scripting (XSS) via `scheme` method on `Rack::Request` (CVE-2018-16471). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1646814 - CVE-2018-16470 rubygem-rack: Buffer size in multipart parser allows for denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1646814 [ 2 ] Bug #1646818 - CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request` https://bugzilla.redhat.com/show_bug.cgi?id=1646818 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-02e965a729' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------