The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster.

A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections.

External Reference:
https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
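The starvation condition described above can be reproduced in a deterministic model. This is an added example, not puma code and not the upstream fix: `simulate`, `starved` and the `requeue` policy are hypothetical names, and the model assumes every keep-alive connection always has another request ready.

```ruby
# Toy model of a threadpool serving keep-alive connections (assumed model,
# not puma internals). One tick = every busy thread serves one request.
#
# requeue: false -> a thread stays with its connection for as long as the
#                   client keeps it alive (the starvation case in the advisory).
# requeue: true  -> after each request the connection goes to the back of the
#                   queue, an illustrative fairness policy chosen for this model.
def simulate(threads:, conns:, ticks:, requeue:)
  served  = Array.new(conns, 0)   # requests completed per connection
  waiting = (0...conns).to_a      # connections not currently held by a thread
  busy    = []                    # connections currently held by a thread

  ticks.times do
    # Idle threads pick up waiting connections in arrival order.
    busy << waiting.shift while busy.size < threads && !waiting.empty?
    busy.each { |c| served[c] += 1 }
    next unless requeue

    # Fair policy: release every thread after one request.
    waiting.concat(busy)
    busy = []
  end
  served
end

# Number of connections that never received a response.
def starved(served)
  served.count(0)
end

# Constructed scenario: 4 threads, 6 concurrent keep-alive connections.
greedy = simulate(threads: 4, conns: 6, ticks: 12, requeue: false)
fair   = simulate(threads: 4, conns: 6, ticks: 12, requeue: true)
puts "held threads : #{greedy.inspect} starved=#{starved(greedy)}"
puts "requeued     : #{fair.inspect} starved=#{starved(fair)}"
```

Total throughput is identical in both runs; only the distribution changes, which is why the condition shows up as unanswered clients rather than as reduced request rate.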
Created rubygem-puma tracking bugs for this issue:

Affects: fedora-all [bug 1964875]

Upstream issue:
https://github.com/puma/puma/issues/2625

Upstream commit:
https://github.com/puma/puma/commit/df72887170c7ef3614c941c9bdefb4a1f3546ebf

This issue has been addressed in the following products:

Red Hat Satellite 6.10 for RHEL 7

Via RHSA-2021:4702 https://access.redhat.com/errata/RHSA-2021:4702