Ubuntu alert USN-8190-1 (ruby-rack-session)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-8190-1] Rack::Session vulnerability
Date:
             
 
Thu, 23 Apr 2026 12:01:52 +0000
Message-ID:
             
 
<E1wFski-0005xf-8t@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-8190-1
April 20, 2026

ruby-rack-session vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10

Summary:

Rack::Session could allow unintended access to network services.

Software Description:
- ruby-rack-session: Session management implementation for Rack

Details:

SeungMyung Lee discovered that Rack::Session did not properly reject
cookies upon decryption failure. A remote attacker could use this issue to
manipulate session contents and possibly gain unauthorized access.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  ruby-rack-session               2.1.1-0.1ubuntu0.1

After a standard system update you need to restart ruby-rack-session to
make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8190-1
  CVE-2026-39324

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack-session/2....


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnmRlgACgkQcpJm3tlz
hgEnRw/+JfQXVoKlqZFxYr/LKfZW9at3KrVmH2QYgcoDk0ly6MzmtO49Kv6QLnbo
wbWrvjsWhKkCUnlyXuvhzfnODFxkstttsldeLB3nS2VNxyN/G/YLJg9yPW2NEgqK
9JiJ5GitGUFiTBpTHrGrrYEF5jo+TCoh2sV1nTnbO5FtuY6vc5iJBs4Ygb9pXgwz
qMYwJTmCEvHB3O5c/oJFT5/AJV4gW9bn1izYcKMfmN1DS0eYSzPredameObqmcbJ
aS1HrfoQKPn+4zReMPv+NQTBH2ZbVSiFrFt5AlMC6p8AE+p0XWnrR0rCQ6tVLAp/
6Nce+oPnPURYkq2Fh135dsCyxwSYMhsn6vZxStDu00ajMG0ShN6HKBJOAzuXRDQF
/9ue1rIEFS/g0KPFsp1BHRsFa0v5oOUD5RRwXSSYAzs7AgJ4QT8WtUFqIlrOKBVZ
VihBf1GeYIETaKGSU6h0fGbbsnU2e26Kb80blYMoCSXiQkER3mkoiAIqutUbOUtk
xqWLcYu2dVsvX3ZJWM1cdsBKaNFeWP/Q6KDc0ffMzm8P+zFviJDOli6GMYU4Kixs
PTqOPfVit6+sS9QSWDwgDc9vB8WHZr79Q81b0Gp44dBTPUydK6ACIK0ZxWDkbUKB
S3OHcLp559pCaaqwrAmcFurCOIroRK7QTTv0ucDYq/QB4kGtJd8=
=vamA
-----END PGP SIGNATURE-----