
Ubuntu 25.10 Rack Session Important Cookie Access Flaw CVE-2026-39324

ubuntu
April 23, 2026
Ubuntu Security Notice USN-8190-1 addresses a flaw in Rack::Session allowing unauthorized access via manipulated cookies.

Summary

Rack::Session could allow unintended access to network services.

Software Description:

- ruby-rack-session: Session management implementation for Rack

Details:

SeungMyung Lee discovered that Rack::Session did not properly reject
cookies upon decryption failure. A remote attacker could use this issue to
manipulate session contents and possibly gain unauthorized access.
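
The failure mode described above, as an added example that is not Rack::Session's code and not part of the notice: a toy cookie loader that falls back to unencrypted parsing when decryption fails, next to one that rejects the cookie. The `ToyCookie` module, its key and the fallback branch are assumptions made for illustration; the notice does not describe the affected code path.

```ruby
require 'openssl'
require 'json'

# Toy AES-256-GCM session cookie codec (hypothetical, constructed for illustration).
module ToyCookie
  KEY = OpenSSL::Digest::SHA256.digest('constructed demo secret') # constructed key

  # Cookie layout: base64(iv[12] || tag[16] || ciphertext)
  def self.encode(session)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = KEY
    iv = cipher.random_iv
    ct = cipher.update(JSON.generate(session)) + cipher.final
    [iv + cipher.auth_tag + ct].pack('m0')
  end

  # Raises ArgumentError or OpenSSL::Cipher::CipherError on any malformed or forged input.
  def self.decrypt(cookie)
    raw = cookie.unpack1('m0') # strict base64, raises ArgumentError if invalid
    raise ArgumentError, 'cookie too short' if raw.bytesize <= 28
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = KEY
    cipher.iv = raw.byteslice(0, 12)
    cipher.auth_tag = raw.byteslice(12, 16)
    plain = cipher.update(raw.byteslice(28, raw.bytesize)) + cipher.final
    JSON.parse(plain.force_encoding(Encoding::UTF_8))
  end

  # Fail-open (assumed bug pattern): a decryption failure is not treated as
  # rejection, so the cookie is re-read as plain, unauthenticated JSON.
  def self.load_fail_open(cookie)
    decrypt(cookie)
  rescue OpenSSL::Cipher::CipherError, ArgumentError
    begin
      JSON.parse(cookie.unpack1('m0').force_encoding(Encoding::UTF_8))
    rescue StandardError
      Hash.new
    end
  end

  # Fail-closed: any decode, decrypt or parse failure yields an empty session.
  def self.load_fail_closed(cookie)
    decrypt(cookie)
  rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError
    Hash.new
  end
end
```
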

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  ruby-rack-session               2.1.1-0.1ubuntu0.1

After a standard system update you need to restart ruby-rack-session to
make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8190-1

CVE-2026-39324

Severity
important
