CVE-2012-6109

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-6109 at MITRE

Description

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 798452

SUSE Security Advisories:

SUSE-SU-2013:0508-1, published Wed, 20 Mar 2013 17:04:42 +0100 (CET)
openSUSE-SU-2013:0338-1, published Mon, 25 Feb 2013 11:06:04 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Standard Edition 1.2 WebYaST 1.2	`rubygem-rack >= 1.1.6-0.8.8.1`	Builds SAT Patch Nr: 7389
SUSE Cloud 1.0 SUSE Linux Enterprise Software Development Kit 11 SP2	`rubygem-rack >= 1.1.6-0.9.2`	Builds SAT Patch Nr: 7388
SUSE Linux Enterprise Software Development Kit 11 SP2	`rubygem-rack-1_3 >= 1.3.10-0.5.1`	Builds SAT Patch Nr: 7387
BDK 11 SP2	`rubygem-actionmailer-3_2 >= 3.2.12-0.5.9` `rubygem-actionpack-3_2 >= 3.2.12-0.7.1` `rubygem-activemodel-3_2 >= 3.2.12-0.5.8` `rubygem-activerecord-3_2 >= 3.2.12-0.7.1` `rubygem-activeresource-3_2 >= 3.2.12-0.5.8` `rubygem-rails-3_2 >= 3.2.12-0.5.10` `rubygem-railties-3_2 >= 3.2.12-0.7.9`	Builds SAT Patch Nr: 7617
SUSE Linux Enterprise Software Development Kit 11 SP2	`rubygem-activesupport-3_2 >= 3.2.12-0.5.8` `rubygem-rack-1_4 >= 1.4.5-0.5.8`	Builds SAT Patch Nr: 7617
SUSE Lifecycle Management Server 1.3 SUSE Studio Onsite 1.3 WebYaST 1.3	`rubygem-actionmailer-3_2 >= 3.2.12-0.5.9` `rubygem-actionpack-3_2 >= 3.2.12-0.7.1` `rubygem-activemodel-3_2 >= 3.2.12-0.5.8` `rubygem-activerecord-3_2 >= 3.2.12-0.7.1` `rubygem-activeresource-3_2 >= 3.2.12-0.5.8` `rubygem-activesupport-3_2 >= 3.2.12-0.5.8` `rubygem-rack-1_4 >= 1.4.5-0.5.8` `rubygem-rails-3_2 >= 3.2.12-0.5.10` `rubygem-railties-3_2 >= 3.2.12-0.7.9`	Builds SAT Patch Nr: 7617
SUSE Cloud 1.0	`rubygem-merb-core >= 1.1.3-0.9.1`	Builds SAT Patch Nr: 7405

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy