Mageia 9: ruby-rack Important DoS Threat Advisory MGASA-2025-0334

December 29, 2025
Updated ruby-rack packages in Mageia address critical DoS threats and enhance application security.
MGASA-2025-0334 - Updated ruby-rack packages fix security vulnerabilities

Summary

Description:

- Unbounded-Parameter DoS in Rack::QueryParser. (CVE-2025-46727)
- ReDoS Vulnerability in Rack::Multipart handle_mime_head. (CVE-2025-49007)
- Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters. (CVE-2025-59830)
- Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion). (CVE-2025-61770)
- Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion). (CVE-2025-61771)
- Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion). (CVE-2025-61772)
- Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing. (CVE-2025-61919)
- Rack has Possible Information Disclosure Vulnerability. (CVE-2025-61780)
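The common thread in the DoS entries above is that Rack's parsers accept unbounded input before any limit applies. As an added illustration of a defence-in-depth guard, not code from Mageia or the Rack project, the middleware below rejects a request before Rack::QueryParser or the multipart parser sees it: it counts both `&` and `;` as parameter separators (the semicolon bypass of params_limit is what CVE-2025-59830 describes) and caps the size of form and multipart bodies. The class name, limits and status codes are assumed choices; the middleware complements the package update rather than replacing it.

```ruby
# Added example (not Mageia's or Rack's own code): a Rack middleware that
# bounds parameter count and parseable body size before Rack's own parsers run.
# The limits below are assumed values; tune them to the application.
class RequestBudget
  MAX_PARAMS = 1_000            # assumed cap on top-level parameters per request
  MAX_BODY   = 1 * 1024 * 1024  # assumed cap on bodies Rack would buffer (1 MiB)
  # Body types that Rack parses into params (form-urlencoded and multipart).
  PARSED_BODY_TYPES = %r{\A(application/x-www-form-urlencoded|multipart/form-data)}i

  def initialize(app, max_params: MAX_PARAMS, max_body: MAX_BODY)
    @app, @max_params, @max_body = app, max_params, max_body
  end

  # Count pairs the way a lenient parser would split them: on '&' OR ';'.
  # Counting only '&' is exactly the gap the semicolon bypass exploits.
  def self.param_count(query)
    return 0 if query.nil? || query.empty?
    query.count("&;") + 1
  end

  def call(env)
    if self.class.param_count(env["QUERY_STRING"]) > @max_params
      return reject(400, "too many query parameters")
    end

    if env["CONTENT_TYPE"].to_s.match?(PARSED_BODY_TYPES)
      length = env["CONTENT_LENGTH"]
      # Parsers buffer these bodies in memory: refuse unbounded (no length,
      # e.g. chunked) or oversized bodies instead of letting the parser read them.
      return reject(411, "length required") if length.nil?
      return reject(413, "body too large") if length.to_i > @max_body
    end

    @app.call(env)
  end

  private

  def reject(status, message)
    [status, { "content-type" => "text/plain" }, [message]]
  end
end
```

Mount it as `use RequestBudget, max_params: 500, max_body: 512 * 1024` in config.ru ahead of the application so the check runs before any params access.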

References

- https://bugs.mageia.org/show_bug.cgi?id=34755

- https://rack.github.io/rack/3.2/CHANGELOG_md.html

- https://www.cve.org/CVERecord?id=CVE-2025-46727

- https://www.cve.org/CVERecord?id=CVE-2025-49007

- https://www.cve.org/CVERecord?id=CVE-2025-59830

- https://www.cve.org/CVERecord?id=CVE-2025-61770

- https://www.cve.org/CVERecord?id=CVE-2025-61771

- https://www.cve.org/CVERecord?id=CVE-2025-61772

- https://www.cve.org/CVERecord?id=CVE-2025-61919

- https://www.cve.org/CVERecord?id=CVE-2025-61780

Resolution

SRPMS

- 9/core/ruby-rack-2.2.21-1.mga9

Severity
important

Publication date: 29 Dec 2025
URL: https://advisories.mageia.org/MGASA-2025-0334.html
Type: security
CVE: CVE-2025-46727, CVE-2025-49007, CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919, CVE-2025-61780
