发布于3月6日3月6日 Members CentOS Linux: CVE-2022-44572: Important: Satellite 6.14 security and bug fix update (CESA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Solution(s) centos-upgrade-foreman-cli centos-upgrade-python39-pulp_manifest centos-upgrade-rubygem-amazing_print centos-upgrade-rubygem-apipie-bindings centos-upgrade-rubygem-clamp centos-upgrade-rubygem-domain_name centos-upgrade-rubygem-fast_gettext centos-upgrade-rubygem-ffi centos-upgrade-rubygem-ffi-debuginfo centos-upgrade-rubygem-ffi-debugsource centos-upgrade-rubygem-foreman_maintain centos-upgrade-rubygem-gssapi centos-upgrade-rubygem-hammer_cli centos-upgrade-rubygem-hammer_cli_foreman centos-upgrade-rubygem-hammer_cli_foreman_admin centos-upgrade-rubygem-hammer_cli_foreman_ansible centos-upgrade-rubygem-hammer_cli_foreman_azure_rm centos-upgrade-rubygem-hammer_cli_foreman_bootdisk centos-upgrade-rubygem-hammer_cli_foreman_discovery centos-upgrade-rubygem-hammer_cli_foreman_google centos-upgrade-rubygem-hammer_cli_foreman_openscap centos-upgrade-rubygem-hammer_cli_foreman_remote_execution centos-upgrade-rubygem-hammer_cli_foreman_tasks centos-upgrade-rubygem-hammer_cli_foreman_templates centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure centos-upgrade-rubygem-hammer_cli_foreman_webhooks centos-upgrade-rubygem-hammer_cli_katello centos-upgrade-rubygem-hashie centos-upgrade-rubygem-highline centos-upgrade-rubygem-http-accept centos-upgrade-rubygem-http-cookie centos-upgrade-rubygem-jwt centos-upgrade-rubygem-little-plugger centos-upgrade-rubygem-locale centos-upgrade-rubygem-logging centos-upgrade-rubygem-mime-types centos-upgrade-rubygem-mime-types-data centos-upgrade-rubygem-multi_json centos-upgrade-rubygem-netrc centos-upgrade-rubygem-oauth centos-upgrade-rubygem-oauth-tty centos-upgrade-rubygem-powerbar centos-upgrade-rubygem-rest-client centos-upgrade-rubygem-snaky_hash centos-upgrade-rubygem-unf centos-upgrade-rubygem-unf_ext centos-upgrade-rubygem-unf_ext-debuginfo centos-upgrade-rubygem-unf_ext-debugsource centos-upgrade-rubygem-unicode centos-upgrade-rubygem-unicode-debuginfo centos-upgrade-rubygem-unicode-debugsource centos-upgrade-rubygem-unicode-display_width centos-upgrade-rubygem-version_gem centos-upgrade-satellite-cli centos-upgrade-satellite-clone centos-upgrade-satellite-maintain References DSA-5530 CVE-2022-44572
