Several security issues were fixed in Rack.

==========================================================================
Ubuntu Security Notice USN-7960-1
January 14, 2026

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Rack.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2025-59830)

It was discovered that Rack did not properly handle certain multipart form
data. An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61770,
CVE-2025-61772)

It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)

It was discovered that Rack did not properly handle certain headers. An
attacker could possibly use this issue to bypass proxy access restrictions
and obtain sensitive information. (CVE-2025-61780)

Tomoya Yamashita discovered that Rack did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to cause
memory exhaustion, leading to a denial of service. This issue was only
addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and
Ubuntu 25.10. (CVE-2025-61919)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  ruby-rack                       3.1.16-0.1ubuntu0.1

Ubuntu 24.04 LTS
  ruby-rack                       2.2.7-1ubuntu0.5

Ubuntu 22.04 LTS
  ruby-rack                       2.1.4-5ubuntu1.2

Ubuntu 20.04 LTS
  ruby-rack                       2.0.7-2ubuntu0.1+esm8
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ruby-rack                       1.6.4-4ubuntu0.2+esm9
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ruby-rack                       1.6.4-3ubuntu0.2+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7960-1
  CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772,
  CVE-2025-61780, CVE-2025-61919

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack/3.1.16-0.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.5
  https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.2

Severity: Important

LinuxSecurity.com Team
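The notice addresses a different set of CVEs on each release, so a host at the fixed version is not necessarily covered for all six. The script below is an added example, not part of the Ubuntu notice: it compares an installed ruby-rack version with the fixed version for the release and lists the CVEs the notice says that update addresses. The function names are hypothetical, the version and CVE data are transcribed from the notice above, and dpkg is assumed to be present.

```shell
#!/bin/sh
# Added example. Data from USN-7960-1; function names are hypothetical.

# Fixed ruby-rack version for a release (VERSION_ID in /etc/os-release).
usn7960_fixed_version() {
    case "$1" in
        25.10) echo "3.1.16-0.1ubuntu0.1" ;;
        24.04) echo "2.2.7-1ubuntu0.5" ;;
        22.04) echo "2.1.4-5ubuntu1.2" ;;
        20.04) echo "2.0.7-2ubuntu0.1+esm8" ;;   # Ubuntu Pro (ESM)
        18.04) echo "1.6.4-4ubuntu0.2+esm9" ;;   # Ubuntu Pro (ESM)
        16.04) echo "1.6.4-3ubuntu0.2+esm9" ;;   # Ubuntu Pro (ESM)
        *) return 1 ;;
    esac
}

# CVEs the notice states were addressed on that release.
usn7960_cves_addressed() {
    common="CVE-2025-61780 CVE-2025-61919"
    multipart="CVE-2025-61770 CVE-2025-61771 CVE-2025-61772"
    case "$1" in
        25.10|24.04) echo "$multipart $common" ;;
        22.04)       echo "CVE-2025-59830 $multipart $common" ;;
        20.04)       echo "CVE-2025-59830 $common" ;;
        18.04|16.04) echo "CVE-2025-61780" ;;
        *) return 1 ;;
    esac
}

# usn7960_status <release> <installed-version>
# Prints patched, vulnerable or unknown-release.
usn7960_status() {
    fixed=$(usn7960_fixed_version "$1") || { echo "unknown-release"; return 2; }
    # dpkg implements Debian version ordering, including the +esmN suffix.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"; return 1
    fi
}

# Check the local host; runs in a subshell so os-release variables do not leak.
usn7960_check_host() (
    . /etc/os-release
    installed=$(dpkg-query -W -f='${Version}' ruby-rack 2>/dev/null) || {
        echo "ruby-rack is not installed"; exit 0; }
    status=$(usn7960_status "$VERSION_ID" "$installed") || true
    echo "Ubuntu $VERSION_ID ruby-rack $installed: $status"
    echo "addressed once patched: $(usn7960_cves_addressed "$VERSION_ID")"
)
```

Source the file and run `usn7960_check_host` on each host. A CVE missing from the "addressed" list for a release is one the notice does not say was fixed there.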