ruby-rack-cors vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 16.04 LTS

Summary

rack-cors would allow unintended access to files over the network.

Software Description

* ruby-rack-cors - provides support for Cross-Origin Resource
  Sharing (CORS) for Rack compatible web applications

Details

It was discovered that rack-cors did not properly handle relative
file paths. An attacker could use this vulnerability to access
arbitrary files.

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 16.04 LTS
  ruby-rack-cors - 0.4.0-1+deb9u2build0.16.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary
changes.
References
* CVE-2019-18978