
Fedora 42: rubygem-rack Critical Denial Of Service Fix 2025-eae2126736

Distribution: Fedora
Published: November 13, 2025
Fedora 42 updates rubygem-rack to fix critical denial of service issues affecting web applications and server stability.

Summary

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Update Information:

Update to Rack 2.2.21

Change Log

* Tue Nov 4 2025 Vít Ondruch - 1:2.2.21-1
  - Update to Rack 2.2.21
  - CVE-2024-25126: Denial of Service Vulnerability in Rack Content-Type Parsing (Resolves: rhbz#2265596)
  - CVE-2024-26141: Possible DoS Vulnerability with Range Header in Rack (Resolves: rhbz#2265597)
  - CVE-2024-26146: Possible Denial of Service Vulnerability in Rack Header Parsing (Resolves: rhbz#2265598)
  - CVE-2025-61780: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass (Resolves: rhbz#2403530)
  - CVE-2025-61919: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (Resolves: rhbz#2403525)
  - CVE-2025-59830: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (Resolves: rhbz#2402988)
  - CVE-2025-32441: Rack Session Reuse Vulnerability (Resolves: rhbz#2365053)
  - CVE-2025-46727: Unbounded-Parameter DoS in Rack::QueryParser (Resolves: rhbz#2365000)
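Several entries in the change log are resource-exhaustion issues triggered by request bodies or parameters that Rack parsed without a bound. Upgrading is the fix; the example below is an added defense-in-depth layer, not Rack's own code or part of this advisory: a Rack-compatible middleware that caps the request body before the application (and `Rack::Request`) reads it. It needs no gem, because Rack's middleware contract is only `call(env)` returning `[status, headers, body]`. The 1 MiB limit, the `ECHO_APP` application and the `simulate` helper with its constructed `env` hashes are assumptions made for the example; the wrapper around `rack.input` handles the case where `Content-Length` is absent or understates the real body.

```ruby
require "stringio"

# Added example (not Rack's code): reject request bodies above a byte cap
# before the application parses them. Two checks: the declared
# Content-Length, and a wrapper around rack.input that stops a read that
# exceeds the cap even when the header is missing or lies.
class BodySizeLimit
  class TooLarge < StandardError; end

  DEFAULT_LIMIT = 1 * 1024 * 1024 # 1 MiB; an assumed value for this example

  # Minimal rack.input wrapper: counts bytes handed to the app and raises
  # once the running total passes the cap.
  class LimitedInput
    def initialize(io, limit)
      @io = io
      @limit = limit
      @consumed = 0
    end

    def read(length = nil, outbuf = nil)
      chunk = outbuf ? @io.read(length, outbuf) : @io.read(length)
      return chunk if chunk.nil?
      @consumed += chunk.bytesize
      raise TooLarge if @consumed > @limit
      chunk
    end

    def gets
      line = @io.gets
      return nil if line.nil?
      @consumed += line.bytesize
      raise TooLarge if @consumed > @limit
      line
    end

    def each
      while (chunk = read(16 * 1024))
        yield chunk
      end
    end

    def rewind
      @io.rewind
      @consumed = 0
    end
  end

  def initialize(app, limit: DEFAULT_LIMIT)
    @app = app
    @limit = limit
  end

  def call(env)
    declared = env["CONTENT_LENGTH"]
    return reject if declared && declared.to_i > @limit

    # Even with an acceptable (or absent) Content-Length, bound the actual bytes read.
    env["rack.input"] = LimitedInput.new(env["rack.input"], @limit) if env["rack.input"]
    @app.call(env)
  rescue TooLarge
    # Only reads performed during the app's call are caught here; bodies
    # streamed after call returns are out of scope for this example.
    reject
  end

  private

  def reject
    [413, { "content-type" => "text/plain" }, ["Payload Too Large\n"]]
  end
end

# Assumed application: reads the whole body, as a form parser would.
ECHO_APP = lambda do |env|
  body = env["rack.input"].read
  [200, { "content-type" => "text/plain" }, ["read #{body.bytesize} bytes\n"]]
end

# Builds a constructed Rack env around +body+ and returns the response status.
# +declared_length+ may be nil (no Content-Length header) or deliberately
# smaller than the real body to model a misleading header.
def simulate(body, limit: BodySizeLimit::DEFAULT_LIMIT, declared_length: body.bytesize)
  env = {
    "REQUEST_METHOD" => "POST",
    "CONTENT_TYPE" => "application/x-www-form-urlencoded",
    "CONTENT_LENGTH" => declared_length&.to_s,
    "rack.input" => StringIO.new(body),
  }
  status, _headers, _body = BodySizeLimit.new(ECHO_APP, limit: limit).call(env)
  status
end

if __FILE__ == $PROGRAM_NAME
  puts simulate("a=1", limit: 1024)                                  # 200
  puts simulate("x" * 2048, limit: 1024)                             # 413, header check
  puts simulate("x" * 2048, limit: 1024, declared_length: 10)        # 413, wrapper check
  puts simulate("x" * 2048, limit: 1024, declared_length: nil)       # 413, no header
end
```

Mount it outermost in `config.ru` (`use BodySizeLimit, limit: ...` before the application) so the cap applies before any other middleware touches the body; the limit should match what the application legitimately accepts, which is a deployment decision rather than a value the advisory specifies.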

References


[1] Bug #2164714 - CVE-2022-44571 rubygem-rack: denial of service in Content-Disposition parsing
    https://bugzilla.redhat.com/show_bug.cgi?id=2164714
[2] Bug #2164719 - CVE-2022-44570 rubygem-rack: denial of service in Content-Disposition parsing
    https://bugzilla.redhat.com/show_bug.cgi?id=2164719
[3] Bug #2164722 - CVE-2022-44572 rubygem-rack: denial of service in Content-Disposition parsing
    https://bugzilla.redhat.com/show_bug.cgi?id=2164722
[4] Bug #2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing
    https://bugzilla.redhat.com/show_bug.cgi?id=2176477
[5] Bug #2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
    https://bugzilla.redhat.com/show_bug.cgi?id=2179649
[6] Bug #2265593 - CVE-2024-25126 rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing
    https://bugzilla.redhat.com/show_bug.cgi?id=2265593
[7] Bug #2265594 - CVE-2024-26141...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. At the command line, run:

    su -c 'dnf upgrade --advisory FEDORA-2025-eae2126736'

For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
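After applying the update, a practitioner will want to confirm that the installed package is at or past the fixed version, for instance from the output of `rpm -q rubygem-rack` on each host. The script below is an added example, not part of the advisory or of Fedora's tooling: it parses an RPM name-version-release.arch string of the form shown on this page (`rubygem-rack-2.2.21-9.fc42.noarch`) and compares the version with 2.2.21 using `Gem::Version`. The sample package strings are constructed; the check covers only the Rack 2.2 release line named in this advisory and returns `nil` for any other line, since their fixed versions are not stated here.

```ruby
require "rubygems" # Gem::Version

# Fixed version named by this advisory (Rack 2.2 line only).
FIXED_RACK_2_2 = Gem::Version.new("2.2.21")

# Splits an RPM NVRA string such as "rubygem-rack-2.2.21-9.fc42.noarch" into
# its version and release. Returns nil when the string is not a rubygem-rack
# package in that shape. Assumed format for this example: name-version-release.arch.
def parse_rack_nvra(nvra)
  m = nvra.match(/\Arubygem-rack-(\d+(?:\.\d+)*)-([^-]+)\z/)
  return nil unless m
  { version: m[1], release: m[2] }
end

# true  -> 2.2.x package at or past 2.2.21
# false -> 2.2.x package below 2.2.21 (advisory not applied)
# nil   -> not a rubygem-rack package, or a release line this advisory does not cover
def advisory_applied?(nvra)
  parsed = parse_rack_nvra(nvra)
  return nil unless parsed
  version = Gem::Version.new(parsed[:version])
  return nil unless version.segments[0, 2] == [2, 2]
  version >= FIXED_RACK_2_2
end

# Constructed inventory lines, as if collected from `rpm -q rubygem-rack` on several hosts.
SAMPLE_INVENTORY = {
  "web-01" => "rubygem-rack-2.2.21-9.fc42.noarch",
  "web-02" => "rubygem-rack-2.2.20-1.fc42.noarch",
  "web-03" => "rubygem-rack-3.1.0-1.fc42.noarch",
  "web-04" => "package rubygem-rack is not installed",
}.freeze

# Returns the host names whose package is on the 2.2 line and still below the fix.
def hosts_needing_update(inventory)
  inventory.select { |_host, nvra| advisory_applied?(nvra) == false }.keys
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_INVENTORY.each do |host, nvra|
    state = case advisory_applied?(nvra)
            when true then "fixed"
            when false then "NEEDS UPDATE"
            else "not covered by this advisory"
            end
    puts "#{host}: #{nvra} -> #{state}"
  end
end
```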

Severity: critical

Name: rubygem-rack
Product: Fedora 42
Version: 2.2.21
Release: 9.fc42
Summary: A modular Ruby webserver interface
