Security update for rubygem-puma
This update for rubygem-puma to version 4.3.5 fixes the following issues:
- CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175).
- CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176).
- Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Dario Maiocchi (dmaiocchi)
Fixed bugs
bnc#1172175
VUL-1: CVE-2020-11077: rubygem-puma: client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client
bnc#1172176
VUL-1: CVE-2020-11076: rubygem-puma: attacker could smuggle an HTTP response, by using an invalid transfer-encoding header
