Explore top 10 tips to secure your open-source projects now. Read More
×
This update has improvements to generate more secure session IDs (CVE-2026-8503).. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e8ef64b8d3 2026-05-23 15:47:52.432930+00:00 -------------------------------------------------------------------------------- Name : perl-Apache-Session-Browseable Product : Fedora 43 Version : 1.3.19 Release : 1.fc43 URL : https://metacpan.org/release/Apache-Session-Browseable Summary : Add index and search methods to Apache::Session Description : A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make re-search faster. -------------------------------------------------------------------------------- Update Information: This update has improvements to generate more secure session IDs (CVE-2026-8503). -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2026 Paul Howarth - 1.3.19-1 - Update to 1.3.19 (rhbz#2477392) - Apache::Session::Generate::SHA256 used a low-entropy seed (time, PID, rand, stringified hash ref) to derive session identifiers; use Crypt::URandom to generate session ids from a cryptographically secure source, falling back to the previous hashing method only if Crypt::URandom is unavailable (CVE-2026-8503, similar in scope to CVE-2025-40931 and CVE-2025-40932) - Fix Redis indexes: never cleaned before - Improve resilience and reliability of Patroni driver * Thu Apr 9 2026 Xavier Bachelot - 1.3.18-4 - BR: perl(DBD::Cassandra) to improve test coverage * Fri Jan 16 2026 Fedora Release Engineering - 1.3.18-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477392 - perl-Apache-Session-Browseable-1.3.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=2477392 [ 2 ] Bug #2477847 - CVE-2026-8503 perl-Apache-Session-Browseable: perl-Apache-Session-Browseable: Predictable session IDs allow unauthorized system access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477847 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e8ef64b8d3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Rack::Session could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-8190-2 April 28, 2026 ruby-rack-session vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Rack::Session could allow unintended access to network services. Software Description: - ruby-rack-session: Session management implementation for Rack Details: USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS ruby-rack-session 2.1.1-0.1ubuntu0.26.04.1 After a standard system update you need to restart ruby-rack-session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8190-2 https://ubuntu.com/security/notices/USN-8190-1 CVE-2026-39324 Package Information: https://launchpad.net/ubuntu/+source/ruby-rack-session/2.1.1-0.1ubuntu0.26.04.1 . Update for Rack::Session vulnerability in Ubuntu 26.04 LTS ensuring session integrity.. Ubuntu Security Notice, session management, unauthorized access, ruby-rack-session, security update. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7988-2 January 29, 2026 linux-aws-fips, linux-fips vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS - linux-fips: Linux kernel with FIPS Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - NVME drivers; - File systems infrastructure; - Timer subsystem; - Memory management; - Packet sockets; (CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-4.15.0-1143-fips 4.15.0-1143.155 Available with Ubuntu Pro linux-image-4.15.0-2126-aws-fips 4.15.0-2126.132 Available with Ubuntu Pro linux-image-aws-fips 4.15.0.2126.120 Available with Ubuntu Pro linux-image-aws-fips-4.15 4.15.0.2126.120 Available with Ubuntu Pro linux-image-fips 4.15.0.1143.140 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might haveinstalled. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7988-2 https://ubuntu.com/security/notices/USN-7988-1 CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993 Package Information: . Discover important updates addressing multiple Linux kernel security flaws in Ubuntu 18.04 and AWS systems for enhanced protection.. Linux Kernel, Ubuntu Security, System Update, AWS FIPS, Ubuntu 18.04. . Severity: Critical. LinuxSecurity.com Team
This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-ca07c36a0a 2025-09-16 01:14:45.503765+00:00 -------------------------------------------------------------------------------- Name : perl-Plack-Middleware-Session Product : Fedora 42 Version : 0.36 Release : 1.fc42 URL : http://metacpan.org/release/Plack-Middleware-Session Summary : Middleware for session management Description : This is a Plack Middleware component for session management. By default it will use cookies to keep session state and store data in memory. This distribution also comes with other state and store solutions. -------------------------------------------------------------------------------- Update Information: This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 31 2025 Emmanuel Seyman - 0.36-1 - Update to 0.36 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2381421 - CVE-2025-40923 perl-Plack-Middleware-Session: Plack-Middleware-Session insecure session ids [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2381421 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ca07c36a0a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-90d5989bee 2025-09-16 01:14:45.503759+00:00 -------------------------------------------------------------------------------- Name : perl-Catalyst-Plugin-Session Product : Fedora 42 Version : 0.44 Release : 1.fc42 URL : https://metacpan.org/release/Catalyst-Plugin-Session Summary : Catalyst generic session plugin Description : This plugin is the base of two related parts of functionality required for session management in web applications. The first part, the State, is getting the browser to repeat back a session key, so that the web application can identify the client and logically string several requests together into a session. The second part, the Store, deals with the actual storage of information about the client. This data is stored so that the it may be revived for every request made by the same client. This plugin links the two pieces together. -------------------------------------------------------------------------------- Update Information: This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 31 2025 Emmanuel Seyman - 0.44-1 - Update to 0.44 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2381744 - CVE-2025-40924 perl-Catalyst-Plugin-Session: Catalyst::Plugin::Session generates session ids insecurely [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2381744 -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-90d5989bee' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Several security issues were fixed in tomcat8, tomcat9, tomcat10.. ========================================================================== Ubuntu Security Notice USN-7562-1 June 09, 2025 tomcat vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in tomcat8, tomcat9, tomcat10. Software Description: - tomcat9: Servlet and JSP engine - tomcat10: Servlet and JSP engine - tomcat8: Servlet and JSP engine Details: It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-28708) It was discovered that Tomcat incorrectly recycled certain objects, which could lead to information leaking from one request to the next. An attacker could potentially use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-42795) It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-45648) It was discovered that Tomcat incorrectly handled incomplete POST requests, which could cause error responses to contain data from previous requests. An attacker could potentially use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2024-21733) It was discovered that Tomcat incorrectly handled socket cleanup, which could lead to websocket connections staying open. An attacker could possibly use this issue to cause a denial of service. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS, tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS. (CVE-2024-23672) It was discovered that Tomcat incorrectly handled HTTP/2 requests that exceeded configured header limits. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-24549) It was discovered that Tomcat incorrectly handled some cases of excessive HTTP headers when processing HTTP/2 streams. This led to miscounting of active streams and incorrect timeout handling. An attacker could possibly use this issue to cause connections to remain open indefinitely, leading to a denial of service. This issue was fixed for tomcat9 on Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS. (CVE-2024-34750) It was discovered that Tomcat incorrectly handled TLS handshake processes under certain configurations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed for tomcat9 on Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS. (CVE-2024-38286) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libtomcat9-java 9.0.70-2ubuntu1.25.04.2 Ubuntu 24.10 libtomcat9-java 9.0.70-2ubuntu1.24.10.2 Ubuntu 24.04 LTS libtomcat10-java 10.1.16-1ubuntu0.1~esm2 Available with Ubuntu Pro libtomcat9-java 9.0.70-2ubuntu0.1+esm2 Available with Ubuntu Pro . Several significant security flaws in Tomcat have been addressed across different Ubuntu releases, safeguarding against potential data breaches and service disruptions.. Tomcat Update, Ubuntu Security Advisory, Web Server Issues. . Severity: Critical. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for rubygem-rack Announcement ID: SUSE-SU-2025:01586-1 Release Date: 2025-05-19T17:23:48Z Rating: important References: * bsc#1242894 * bsc#1242899 Cross-References: * CVE-2025-32441 * CVE-2025-46727 CVSS scores: * CVE-2025-32441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-32441 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2025-32441 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2025-46727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-46727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-46727 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now beinstalled. ## Description: This update for rubygem-rack fixes the following issues: * CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). * CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is being used (bsc#1242899). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-1586=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.31.1 * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * ruby2.5-rubygem-rack-doc-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2025-32441.html *https://www.suse.com/security/cve/CVE-2025-46727.html * https://bugzilla.suse.com/show_bug.cgi?id=1242894 * https://bugzilla.suse.com/show_bug.cgi?id=1242899 . The latest update resolves critical security vulnerabilities in rubygem-rack for SUSE systems, bolstering overall system integrity.. rubygem-rack security, openSUSE update, software patch, memory exhaustion fix. . Severity: Important. LinuxSecurity.com Team
* bsc#1242894 * bsc#1242899 Cross-References: * CVE-2025-32441 . # Security update for rubygem-rack Announcement ID: SUSE-SU-2025:01586-1 Release Date: 2025-05-19T17:23:48Z Rating: important References: * bsc#1242894 * bsc#1242899 Cross-References: * CVE-2025-32441 * CVE-2025-46727 CVSS scores: * CVE-2025-32441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-32441 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2025-32441 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2025-46727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-46727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-46727 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now beinstalled. ## Description: This update for rubygem-rack fixes the following issues: * CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). * CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is being used (bsc#1242899). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2025-1586=1 * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-1586=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.31.1 * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * ruby2.5-rubygem-rack-doc-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-rack-2.0.8-150000.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2025-32441.html *https://www.suse.com/security/cve/CVE-2025-46727.html * https://bugzilla.suse.com/show_bug.cgi?id=1242894 * https://bugzilla.suse.com/show_bug.cgi?id=1242899 . A patch has been issued for rubygem-rack addressing significant vulnerabilities and enhancing protection across multiple SUSE releases.. rubygem-rack, SUSE security update, memory exhaustion issue, session management fix. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.