
Ubuntu alert USN-8190-2 (ruby-rack-session)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-8190-2] Rack::Session vulnerability
Date:  Tue, 28 Apr 2026 14:24:46 +0000
Message-ID:  <E1wHjMk-0000KJ-T4@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8190-2
April 28, 2026

ruby-rack-session vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS

Summary:

Rack::Session could allow unintended access to network services.

Software Description:
- ruby-rack-session: Session management implementation for Rack

Details:

USN-8190-1 fixed a vulnerability in Rack::Session. This update provides
the corresponding update for Ubuntu 26.04 LTS.

Original advisory details:

 SeungMyung Lee discovered that Rack::Session did not properly reject
 cookies upon decryption failure. A remote attacker could use this issue
 to manipulate session contents and possibly gain unauthorized access.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  ruby-rack-session               2.1.1-0.1ubuntu0.26.04.1

After a standard system update you need to restart ruby-rack-session to
make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8190-2
  https://ubuntu.com/security/notices/USN-8190-1
  CVE-2026-39324

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack-session/2....






Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds