Packages
- ruby-rack - modular Ruby webserver interface
Details
It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2025-59830)

It was discovered that Rack did not properly handle certain multipart
form data. An attacker could possibly use this issue to cause memory
exhaustion, leading to a denial of service. This issue was only addressed
in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-61770, CVE-2025-61772)

It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)

It was discovered that Rack did not properly handle certain headers. An
attacker could possibly use this issue to bypass proxy access
restrictions and obtain sensitive information. (CVE-2025-61780)

Tomoya Yamashita discovered that Rack did not properly manage memory
under certain circumstances. An attacker could possibly use this issue to
cause memory exhaustion, leading to a denial of service. This issue was
only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 25.10. (CVE-2025-61919)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

| Ubuntu Release | Package Version |
|---|---|
| 25.10 questing | ruby-rack – 3.1.16-0.1ubuntu0.1 |
| 24.04 LTS noble | ruby-rack – 2.2.7-1ubuntu0.5 |
| 22.04 LTS jammy | ruby-rack – 2.1.4-5ubuntu1.2 |
| 20.04 LTS focal | ruby-rack – 2.0.7-2ubuntu0.1+esm8 |
| 18.04 LTS bionic | ruby-rack – 1.6.4-4ubuntu0.2+esm9 |
| 16.04 LTS xenial | ruby-rack – 1.6.4-3ubuntu0.2+esm9 |
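
To confirm that a host is at or above the fixed version for its release, the version table can be turned into a check. This is an added example, not part of the original notice: the function names are this example's own, and it assumes `dpkg` and `dpkg-query` are present, as they are on Ubuntu.

```shell
#!/bin/sh
# Added example: compare the installed ruby-rack package against the fixed
# versions listed in this notice. Function names are illustrative.

# Fixed version per release codename, copied from the notice's table.
fixed_version_for() {
    case "$1" in
        questing) echo "3.1.16-0.1ubuntu0.1" ;;
        noble)    echo "2.2.7-1ubuntu0.5" ;;
        jammy)    echo "2.1.4-5ubuntu1.2" ;;
        focal)    echo "2.0.7-2ubuntu0.1+esm8" ;;
        bionic)   echo "1.6.4-4ubuntu0.2+esm9" ;;
        xenial)   echo "1.6.4-3ubuntu0.2+esm9" ;;
        *)        return 1 ;;
    esac
}

# Classify an installed version string for a given codename.
# Prints one of: not-installed | unknown-release | needs-update | patched
rack_status() {
    codename=$1
    installed=$2
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    fixed=$(fixed_version_for "$codename") || { echo "unknown-release"; return 0; }
    # dpkg implements Debian version ordering, including "+esm" suffixes.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Report the status of the local host.
check_local() {
    # Read the codename in a subshell so os-release variables do not leak.
    codename=$( [ -r /etc/os-release ] && . /etc/os-release \
        && echo "${VERSION_CODENAME:-}" ) || true
    codename=${codename:-unknown}
    installed=$(dpkg-query -W -f='${Version}' ruby-rack 2>/dev/null || true)
    echo "ruby-rack on $codename: ${installed:-none} -> $(rack_status "$codename" "$installed")"
}

check_local
```

A result of `patched` means only that the package is at or above the version in this notice; as the Details section states, several of the CVEs were addressed only on specific releases.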