- Vulnerability/
- USN-6597-1
USN-6597-1: Puma vulnerability
First published: Thu Jan 25 2024(Updated: )
It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/puma | <5.6.5-4ubuntu2.1 | 5.6.5-4ubuntu2.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/puma | <5.6.5-3ubuntu1.2 | 5.6.5-3ubuntu1.2 |
| Ubuntu Linux | =23.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-6597-1?
USN-6597-1 is classified as a denial of service vulnerability which allows remote attackers to consume resources.
How do I fix USN-6597-1?
To fix USN-6597-1, upgrade to Puma version 5.6.5-4ubuntu2.1 or 5.6.5-3ubuntu1.2 depending on your Ubuntu version.
What systems are affected by USN-6597-1?
USN-6597-1 affects Ubuntu 23.10 and 23.04 using Puma versions up to 5.6.5-4ubuntu2.1 and 5.6.5-3ubuntu1.2 respectively.
Can USN-6597-1 lead to data breaches?
While USN-6597-1 primarily results in denial of service, it does not directly lead to data breaches as it does not intend to expose sensitive data.
How can I mitigate the risk of USN-6597-1?
To mitigate the risk of USN-6597-1, ensure your Puma installation is updated to the latest patched version.
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/references
- agent/trending
- agent/source
- agent/tags
- collector/usn
- source/Ubuntu
- anchor-related/USN-6682-1
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/23.10
- version/ubuntu linux/23.04