
Fedora 43: rubygem-rack Moderate Denial of Service Update 2025-b6e0f437b6

fedora
November 13, 2025
Update to Rack 3.1.19 on Fedora 43 addresses Denial of Service issues and improves web application security features.

Summary

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Update Information:

Update to Rack 3.1.19

Change Log

* Tue Nov 4 2025 Vít Ondruch - 1:3.1.19-1
- Update to Rack 3.1.19

References


[ 1 ] Bug #2402174 - CVE-2025-61770 rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
      https://bugzilla.redhat.com/show_bug.cgi?id=2402174
[ 2 ] Bug #2402175 - CVE-2025-61771 rack: Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
      https://bugzilla.redhat.com/show_bug.cgi?id=2402175
[ 3 ] Bug #2402200 - CVE-2025-61772 rack: Rack memory exhaustion denial of service
      https://bugzilla.redhat.com/show_bug.cgi?id=2402200
[ 4 ] Bug #2403126 - CVE-2025-61780 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
      https://bugzilla.redhat.com/show_bug.cgi?id=2403126
[ 5 ] Bug #2403180 - CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
      https://bugzilla.redhat.com/show_bug.cgi?id=2403180

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b6e0f437b6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: rubygem-rack
Product: Fedora 43
Version: 3.1.19
Release: 1.fc43
Summary: A modular Ruby webserver interface
