MiracleLinux 9 : pcs-0.11.10-1.el9_7.1.ML.1 (AXSA:2026-257:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-257:03 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's...

MiracleLinux 8 : pcs-0.10.18-2.el8_10.7.ML.1 (AXSA:2025-11087:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11087:08 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's...

Oracle Linux 9 : pcs (ELSA-2025-20962)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20962 advisory. - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945,...

Fedora: Security Advisory (FEDORA-2025-eae2126736)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbounded multipart preamble...

RLSA-2025:19512 Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbounded multipart preamble...

pcs security update

0.11.9-2.el96.2 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120943, RHEL-121036, RHEL-123631, RHEL-123644, RHEL-124942...

Debian dla-4357 : ruby-rack - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4357 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4357-1 [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2025-61771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a...

Ruby Rack < 2.2.19 / 3.1.x < 3.1.17 / 3.2.x < 3.2.2 Multiple Vulnerabilities

The version of the Rack Ruby library installed on the remote host is prior to 2.2.19, 3.1.x prior to 3.1.17, or 3.2.x prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities: - Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory...

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...