Advisories » MGASA-2025-0311

Updated ruby-rack packages fix security vulnerabilities

Publication date: 24 Nov 2025
Modification date: 24 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25184 , CVE-2025-27111 , CVE-2025-27610

Description

Possible Log Injection in Rack::CommonLogger. (CVE-2025-25184)
Escape Sequence Injection vulnerability in Rack lead to Possible Log
Injection. (CVE-2025-27111)
Local File Inclusion in Rack::Static. (CVE-2025-27610)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34135
• https://ubuntu.com/security/notices/USN-7366-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610

SRPMS

9/core

• ruby-rack-2.2.13-1.mga9