SUSE-SU-2025:4273-1

Details

This update for rubygem-rack fixes the following issues:

Update to version 2.2.20 (bsc#1251936)
CVE-2025-61919: Fixed application/x-www-form-urlencoded, calling rack.input.read(nil)` without enforcing a length or cap (bsc#1251936)
CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile allows for bypass of proxy-level access restrictions (bsc#1253951)

Affected Packages

SUSE:Linux Enterprise High Availability Extension 15 SP3ruby2.5-rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP3rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP4ruby2.5-rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP4rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP5ruby2.5-rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP5rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP6ruby2.5-rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP6rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP7ruby2.5-rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

SUSE:Linux Enterprise High Availability Extension 15 SP7rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

openSUSE:Leap 15.6ruby2.5-rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

openSUSE:Leap 15.6ruby2.5-rubygem-rack-doc

Fixed in:

2.2.20-150000.3.34.1

openSUSE:Leap 15.6rubygem-rack

Fixed in:

2.2.20-150000.3.34.1

References

REPORThttps://bugzilla.suse.com/1251936 REPORThttps://bugzilla.suse.com/1253951 WEBhttps://www.suse.com/security/cve/CVE-2025-61780 WEBhttps://www.suse.com/security/cve/CVE-2025-61919 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-20254273-1/

SUSE-SU-2025:4273-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline