|
|
Subscribe / Log in / New account

Ubuntu alert USN-7784-1 (ruby-rack)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7784-1] Rack vulnerability


Date:
              Mon, 29 Sep 2025 19:23:21 +0000


Message-ID:
              <E1v3JSz-0005Pb-4S@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7784-1
September 29, 2025

ruby-rack vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

Rack could be made to crash if it received specially crafted network
traffic.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled limiting the amount of
parameters. An attacker could possibly use this issue to bypass the
params_limit value, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  ruby-rack                       2.2.7-1.1ubuntu0.25.04.3

Ubuntu 24.04 LTS
  ruby-rack                       2.2.7-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7784-1
  CVE-2025-59830

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1.1u...
  https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubu...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmja3GoACgkQcpJm3tlz
hgHwlRAAwr1WhggZsukF73OpGOc0k/NQLIKqPchOmqYsy4k5NnL98AAXDZfOEjg1
rMPMtDc1ulnCvklRg5/KacgVXvrMYZt8SVfA9FtwL9/G2j8WQWbkDwp6SDkLnKSo
01+llSEObpxbSdTD4fOECpgz1cng98bvdKO+Serx1YME2ESe5PEXwIVQNLXlBpFU
2jVCRo6ZVUGTtFxZUNJSN9DMRkTGiE4RazPAj+zrA+BP3B8NjIUa3QwEPhk26wqB
tHB0XizuzKdUMXZf2uPncssbLBdvOByIFUYxHrB+pnlJJEQTG0NNgLQ7MuxO7VeS
il7URGhh9K4pf3pFaDvwwYKZ5Y1MkbjnMUuIinbkD/iw2lR7JcabiSD9zkZHJGQS
mbx9hNcgFyRNZs8lWJwJX5qzk34R9kjp7ClQkGElUphv6zKcUNJuzg5G4gd1A73b
YKryW92DR1Z+92GpVhd3fRl1VDZViU9/FYuB8FpjbT55JRlsZwWH74ja6dB5Zm37
dZfVPuv9wN6xHPnsL2Sjyc4e0dAIhp0vf8Ta4g0MNMZ8+v1pMcw1V57+U/0YEPyJ
n2/AOGGWT3AZX4vzUEf2avV7azq1L3jqXAcI5W5AKdK4c2E47xrfrFJNnUX3c/lH
NhUwGGVTmQ+XMEku2a+20EUhTT3Yydu+xSshLflHLtwnaToaSno=
=Z3Sf
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds