Showing 1 - 2 of 2

CVE-2021-29509

Status Candidate

Overview

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.

Related Files

Gentoo Linux Security Advisory 202208-28: Posted Aug 15, 2022; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202208-28 - Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service. Versions less than 5.6.4 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2021-29509, CVE-2021-41136, CVE-2022-23634, CVE-2022-24790; SHA-256 | 51d80202b17d26e770c6b888e4b18d99137d5db35b0f58a3e0afac846b11ae46; Download | Favorite | View

Red Hat Security Advisory 2021-4702-01: Posted Nov 17, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.; tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion; systems | linux, redhat; advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494; SHA-256 | 8add47f95e7029cc9b29e159ddcedaf8b823cd7f438afa063e0aa09ebed5c91a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2021-29509

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems