
Ubuntu 25.10: Rack Critical DoS Risk Fix USN-7960-1 CVE-2025-59830

==========================================================================
Ubuntu Security Notice USN-7960-1
January 14, 2026

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Rack.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2025-59830)

It was discovered that Rack did not properly handle certain multipart
form data. An attacker could possibly use this issue to cause memory
exhaustion, leading to a denial of service. This issue was only addressed
in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-61770, CVE-2025-61772)

It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)

It was discovered that Rack did not properly handle certain headers. An
attacker could possibly use this issue to bypass proxy access
restrictions and obtain sensitive information. (CVE-2025-61780)

Tomoya Yamashita discovered that Rack did not properly manage memory
under certain circumstances. An attacker could possibly use this issue to
cause memory exhaustion, leading to a denial of service. This issue was
only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 25.10. (CVE-2025-61919)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  ruby-rack                       3.1.16-0.1ubuntu0.1

Ubuntu 24.04 LTS
  ruby-rack                       2.2.7-1ubuntu0.5

Ubuntu 22.04 LTS
  ruby-rack                       2.1.4-5ubuntu1.2

Ubuntu 20.04 LTS
  ruby-rack                       2.0.7-2ubuntu0.1+esm8
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ruby-rack                       1.6.4-4ubuntu0.2+esm9
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ruby-rack                       1.6.4-3ubuntu0.2+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
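As an added example that is not part of the notice, the following Python check tells whether an installed ruby-rack version (for instance the output of `dpkg-query -W -f '${Version}' ruby-rack`) is at or above the fixed version listed above for a given release. It re-implements dpkg's version ordering so it also runs on a host without dpkg; the `FIXED` mapping and `is_patched` helper are this example's own names.

```python
"""Added example (not from the notice): does an installed ruby-rack meet the
USN-7960-1 fixed version? Re-implements dpkg version ordering, no dpkg needed."""
import itertools
import re

# Fixed ruby-rack versions per Ubuntu release, copied from the notice.
FIXED = {
    "25.10": "3.1.16-0.1ubuntu0.1",
    "24.04": "2.2.7-1ubuntu0.5",
    "22.04": "2.1.4-5ubuntu1.2",
    "20.04": "2.0.7-2ubuntu0.1+esm8",  # Ubuntu Pro (ESM)
    "18.04": "1.6.4-4ubuntu0.2+esm9",  # Ubuntu Pro (ESM)
    "16.04": "1.6.4-3ubuntu0.2+esm9",  # Ubuntu Pro (ESM)
}

def _order(c):
    """dpkg weight of a non-digit char: '~' < end ('') < letters < others."""
    if c == "~":
        return -1
    return 0 if c == "" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_fragment(a, b):
    """Compare upstream or revision strings by alternating runs, like dpkg."""
    while a or b:
        ma, mb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ma):], b[len(mb):]
        for ca, cb in itertools.zip_longest(ma, mb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(na):], b[len(nb):]
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    """Negative, zero or positive, like `dpkg --compare-versions`."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(release, installed):
    """True when `installed` is not older than the fixed version for `release`."""
    return compare_versions(installed, FIXED[release]) >= 0
```

Note that an ESM-only fix (`+esm8`, `+esm9`) sorts above the plain `ubuntu0.1` revision, so a 20.04 host without Ubuntu Pro attached correctly reports as unpatched.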

References:
  https://ubuntu.com/security/notices/USN-7960-1
  CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772,
  CVE-2025-61780, CVE-2025-61919

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack/3.1.16-0.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.5
  https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.2

Published: January 15, 2026
Several security issues in Rack were fixed for multiple Ubuntu releases with potential denial of service and memory exhaustion risks.
Severity: important