Several security issues were fixed in Rack.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2025-59830)
It was discovered that Rack did not properly handle certain multipart
form data. An attacker could possibly use this issue to cause memory
exhaustion, leading to a denial of service. This issue was only addressed
in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-61770, CVE-2025-61772)
It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)
It was discovered that Rack did not properly h...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
ruby-rack 3.1.16-0.1ubuntu0.1
Ubuntu 24.04 LTS
ruby-rack 2.2.7-1ubuntu0.5
Ubuntu 22.04 LTS
ruby-rack 2.1.4-5ubuntu1.2
Ubuntu 20.04 LTS
ruby-rack 2.0.7-2ubuntu0.1+esm8
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ruby-rack 1.6.4-4ubuntu0.2+esm9
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ruby-rack 1.6.4-3ubuntu0.2+esm9
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7960-1
CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772,
CVE-2025-61780, CVE-2025-61919
Get the latest Linux and open source security news straight to your inbox.