Security
Security
Multiple vulnerabilities have been found in Rack, the worst of which allow execution of arbitrary code.
| Package | dev-ruby/rack on all architectures |
|---|---|
| Affected versions | < 1.4.5 |
| Unaffected versions | >= 1.4.5 revision >= 1.3.10 revision >= 1.2.8 revision >= 1.1.6 |
Rack is a modular Ruby web server interface.
Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.
There is no known workaround at this time.
All Rack 1.4 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.4.5"
All Rack 1.3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.3.10"
All Rack 1.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.2.8"
All Rack 1.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-ruby/rack-1.1.6"