Security
Security
A vulnerability was discovered in Thin which may allow local attackers to kill arbitrary processes (denial of service).
| Package | www-servers/thin on all architectures |
|---|---|
| Affected versions | <= 1.7.2 |
| Unaffected versions |
Thin is a small and fast Ruby web server.
It was discovered that Gentoo’s Thin ebuild does not properly handle its temporary runtime directories. This only affects OpenRC systems, as the flaw was exploitable via the init script.
A local attacker could cause denial of service by killing arbitrary processes.
There is no known workaround at this time.
Gentoo has discontinued support for Thin. We recommend that users unmerge Thin:
# emerge --unmerge "www-servers/thin"
NOTE: The Gentoo developer(s) maintaining Thin have discontinued support at this time. It may be possible that a new Gentoo developer will update Thin at a later date. There are many other web servers available in the tree in the www-servers category.
Release date
July 27, 2020
Latest revision
July 27, 2020: 1
Severity
normal
Exploitable
local
Bugzilla entries