Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61919 (GCVE-0-2025-61919)
Vulnerability from cvelistv5 – Published: 2025-10-10 19:22 – Updated: 2025-10-10 20:48
VLAI
EPSS
Title
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
Summary
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/rack/rack/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/rack/rack/commit/4e2c903991a79… | x_refsource_MISC |
| https://github.com/rack/rack/commit/cbd541e8a3d0c… | x_refsource_MISC |
| https://github.com/rack/rack/commit/e179614c4a653… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T20:48:10.264464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T20:48:20.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rack",
"vendor": "rack",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.20"
},
{
"status": "affected",
"version": "\u003e= 3.0, \u003c 3.1.18"
},
{
"status": "affected",
"version": "\u003e= 3.2, \u003c 3.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T19:22:42.454Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
},
{
"name": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
},
{
"name": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
},
{
"name": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
}
],
"source": {
"advisory": "GHSA-6xw4-3v39-52mm",
"discovery": "UNKNOWN"
},
"title": "Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61919",
"datePublished": "2025-10-10T19:22:42.454Z",
"dateReserved": "2025-10-03T22:21:59.615Z",
"dateUpdated": "2025-10-10T20:48:20.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61919",
"date": "2026-06-26",
"epss": "0.00591",
"percentile": "0.43823"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61919\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-10T20:15:37.730\",\"lastModified\":\"2025-11-03T19:28:04.420\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*\",\"versionEndExcluding\":\"2.2.20\",\"matchCriteriaId\":\"2077D030-4BE1-4CB4-8C9B-ACCA0B01BB0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.1.18\",\"matchCriteriaId\":\"52554FFF-7EF2-473A-8686-6D029CC8F6EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndExcluding\":\"3.2.3\",\"matchCriteriaId\":\"AA3F6ADB-DBDD-4C26-A019-D5AE5961F3CC\"}]}]}],\"references\":[{\"url\":\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\",\"Mitigation\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61919\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-10T20:48:10.264464Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-10T20:48:15.513Z\"}}], \"cna\": {\"title\": \"Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing\", \"source\": {\"advisory\": \"GHSA-6xw4-3v39-52mm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"rack\", \"product\": \"rack\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.2.20\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0, \u003c 3.1.18\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.2, \u003c 3.2.3\"}]}], \"references\": [{\"url\": \"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm\", \"name\": \"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\", \"name\": \"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db\", \"name\": \"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f\", \"name\": \"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-10T19:22:42.454Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61919\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-10T20:48:20.240Z\", \"dateReserved\": \"2025-10-03T22:21:59.615Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-10T19:22:42.454Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:19856
Vulnerability from csaf_redhat - Published: 2025-11-06 02:27 - Updated: 2026-06-25 11:10Summary
Red Hat Security Advisory: Satellite 6.15.5.6 Async Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Satellite 6.15 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
* foreman: OS command injection via ct_location and fcct_location parameters (CVE-2025-10622)
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
8.0 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
Threats
Impact
Important
An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
Threats
Impact
Moderate
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch | — |
Workaround
|
Threats
Impact
Important
References
25 references
Acknowledgments
stmcyber.pl
Michał Bartoszuk
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Satellite 6.15 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity Fix(es):\n\n* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)\n\n* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)\n\n* foreman: OS command injection via ct_location and fcct_location parameters (CVE-2025-10622)\n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19856",
"url": "https://access.redhat.com/errata/RHSA-2025:19856"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2396020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396020"
},
{
"category": "external",
"summary": "2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19856.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.15.5.6 Async Update",
"tracking": {
"current_release_date": "2026-06-25T11:10:03+00:00",
"generator": {
"date": "2026-06-25T11:10:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.1.0"
}
},
"id": "RHSA-2025:19856",
"initial_release_date": "2025-11-06T02:27:41+00:00",
"revision_history": [
{
"date": "2025-11-06T02:27:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-06T02:27:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T11:10:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.9.1.13-1.el8sat.src",
"product": {
"name": "foreman-0:3.9.1.13-1.el8sat.src",
"product_id": "foreman-0:3.9.1.13-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.9.1.13-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.5.6-1.el8sat.src",
"product": {
"name": "satellite-0:6.15.5.6-1.el8sat.src",
"product_id": "satellite-0:6.15.5.6-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.5.6-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.20-1.el8sat.src",
"product": {
"name": "rubygem-rack-0:2.2.20-1.el8sat.src",
"product_id": "rubygem-rack-0:2.2.20-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.20-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-pcp@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-service-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.9.1.13-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.15.5.6-1.el8sat.noarch",
"product_id": "satellite-0:6.15.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.15.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.15.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.15.5.6-1.el8sat.noarch",
"product_id": "satellite-common-0:6.15.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.15.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.15.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.20-1.el8sat.noarch",
"product": {
"name": "rubygem-rack-0:2.2.20-1.el8sat.noarch",
"product_id": "rubygem-rack-0:2.2.20-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.20-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.13-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.13-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.20-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch"
},
"product_reference": "rubygem-rack-0:2.2.20-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.20-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src"
},
"product_reference": "rubygem-rack-0:2.2.20-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.6-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.5.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.13-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.13-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.6-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.5.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.13-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.13-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.13-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.20-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch"
},
"product_reference": "rubygem-rack-0:2.2.20-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.20-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src"
},
"product_reference": "rubygem-rack-0:2.2.20-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.6-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.5.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Micha\u0142 Bartoszuk"
],
"organization": "stmcyber.pl"
}
],
"cve": "CVE-2025-10622",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-09-17T09:07:39.743000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396020"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: OS command injection via ct_location and fcct_location parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat Satellite due to an OS command injection flaw in the Foreman component. An authenticated user with `edit_settings` permissions can bypass client-side whitelisting for `ct_location` and `fcct_location` parameters, leading to arbitrary command execution on the underlying operating system. This affects Red Hat Satellite versions 6.15, 6.16, 6.17, and 6.18.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10622"
},
{
"category": "external",
"summary": "RHBZ#2396020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10622",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10622"
},
{
"category": "external",
"summary": "https://theforeman.org/security.html#2025-10622",
"url": "https://theforeman.org/security.html#2025-10622"
}
],
"release_date": "2025-11-01T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T02:27:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "foreman: OS command injection via ct_location and fcct_location parameters"
},
{
"cve": "CVE-2025-59830",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-25T15:01:07.627558+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2398167"
}
],
"notes": [
{
"category": "description",
"text": "An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (\u0026). The parser counts only \u0026 when enforcing the limit, while still splitting on both \u0026 and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The overall severity of this flaw is Moderate, because most Rack applications are not directly impacted. The vulnerability primarily affects applications or middleware that invoke Rack::QueryParser directly using its default configuration, which accepts both \u0026 and ; as parameter delimiters. This behavior can lead to excessive CPU or memory consumption, resulting only a limited denial-of-service condition.\n\nFor typical applications using Rack::Request, the default request-handling flow applies safe parsing logic and does not exhibit the vulnerable behavior.\n\nIn summary, while the theoretical severity is High, the practical impact is generally Moderate to Low for standard configurations.\n\n```\nAffectedness:\n\nIt should be noted that starting from Rack v3.x, the framework no longer splits query parameters on semicolons. This change was introduced in commit ef1fc0c44e6a4b77c8fcf9b4f3bfa09f04ae8482, effectively mitigating this issue in newer releases.\n\nRack 1.x is also not affected by this vulnerability. The vulnerable parsing logic was introduced in Rack 2.x; earlier versions use a simpler query parsing mechanism that does not expose the same resource exhaustion risk.\n```\n\n~~~\nAdditionally, Ruby 2.x and 3.x versions shipped with Red Hat Enterprise Linux are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59830"
},
{
"category": "external",
"summary": "RHBZ#2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71",
"url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"
}
],
"release_date": "2025-09-25T14:37:06.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T02:27:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19856"
},
{
"category": "workaround",
"details": "No action is required for typical Rack applications that use the framework\u2019s default request-handling mechanisms, as these are not impacted.\n\nFor custom implementations or middleware that directly invoke Rack::QueryParser, administrators should:\n\nUse explicit delimiters: Configure QueryParser to use a specific delimiter (e.g. \u0026) rather than accepting both \u0026 and ;.\n\nLimit request size and parameters: Enforce request size and parameter count limits at upstream layers (such as a web server, reverse proxy, or WAF) to prevent excessive resource consumption.\n\nPrefer safe APIs: Use Rack::Request or other higher-level request parsing APIs, which apply safe defaults and avoid this vulnerability.",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters"
},
{
"cve": "CVE-2025-61919",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-10T20:01:19.001907+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403180"
}
],
"notes": [
{
"category": "description",
"text": "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "~~~\n\nAffectedness:\n\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\n\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "RHBZ#2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
"url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
"url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
"url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
}
],
"release_date": "2025-10-10T19:22:42.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T02:27:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19856"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.13-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.13-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.noarch",
"8Base-satellite-6.15:rubygem-rack-0:2.2.20-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.6-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.6-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.6-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion"
}
]
}
RHSA-2025:19948
Vulnerability from csaf_redhat - Published: 2025-11-10 01:37 - Updated: 2026-06-25 05:08Summary
Red Hat Security Advisory: pcs security update
Severity
Important
Notes
Topic: An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
* rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
* rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
* rack: Rack memory exhaustion denial of service (CVE-2025-61772)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)\n\n* rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)\n\n* rack: Rack\u0027s multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)\n\n* rack: Rack memory exhaustion denial of service (CVE-2025-61772)\n\n* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19948",
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "2402200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200"
},
{
"category": "external",
"summary": "2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19948.json"
}
],
"title": "Red Hat Security Advisory: pcs security update",
"tracking": {
"current_release_date": "2026-06-25T05:08:53+00:00",
"generator": {
"date": "2026-06-25T05:08:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:19948",
"initial_release_date": "2025-11-10T01:37:06+00:00",
"revision_history": [
{
"date": "2025-11-10T01:37:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-10T01:37:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T05:08:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::highavailability"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.8-1.el8_4.8.src",
"product": {
"name": "pcs-0:0.10.8-1.el8_4.8.src",
"product_id": "pcs-0:0.10.8-1.el8_4.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.8-1.el8_4.8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.10.8-1.el8_4.8.x86_64",
"product": {
"name": "pcs-0:0.10.8-1.el8_4.8.x86_64",
"product_id": "pcs-0:0.10.8-1.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.10.8-1.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"product": {
"name": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"product_id": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.10.8-1.el8_4.8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.8-1.el8_4.8.src as a component of Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src"
},
"product_reference": "pcs-0:0.10.8-1.el8_4.8.src",
"relates_to_product_reference": "HighAvailability-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.8-1.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64"
},
"product_reference": "pcs-0:0.10.8-1.el8_4.8.x86_64",
"relates_to_product_reference": "HighAvailability-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux High Availability AUS (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
},
"product_reference": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"relates_to_product_reference": "HighAvailability-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.8-1.el8_4.8.src as a component of Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src"
},
"product_reference": "pcs-0:0.10.8-1.el8_4.8.src",
"relates_to_product_reference": "HighAvailability-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.10.8-1.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64"
},
"product_reference": "pcs-0:0.10.8-1.el8_4.8.x86_64",
"relates_to_product_reference": "HighAvailability-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
"product_id": "HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
},
"product_reference": "pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"relates_to_product_reference": "HighAvailability-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59830",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-25T15:01:07.627558+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2398167"
}
],
"notes": [
{
"category": "description",
"text": "An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (\u0026). The parser counts only \u0026 when enforcing the limit, while still splitting on both \u0026 and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The overall severity of this flaw is Moderate, because most Rack applications are not directly impacted. The vulnerability primarily affects applications or middleware that invoke Rack::QueryParser directly using its default configuration, which accepts both \u0026 and ; as parameter delimiters. This behavior can lead to excessive CPU or memory consumption, resulting only a limited denial-of-service condition.\n\nFor typical applications using Rack::Request, the default request-handling flow applies safe parsing logic and does not exhibit the vulnerable behavior.\n\nIn summary, while the theoretical severity is High, the practical impact is generally Moderate to Low for standard configurations.\n\n```\nAffectedness:\n\nIt should be noted that starting from Rack v3.x, the framework no longer splits query parameters on semicolons. This change was introduced in commit ef1fc0c44e6a4b77c8fcf9b4f3bfa09f04ae8482, effectively mitigating this issue in newer releases.\n\nRack 1.x is also not affected by this vulnerability. The vulnerable parsing logic was introduced in Rack 2.x; earlier versions use a simpler query parsing mechanism that does not expose the same resource exhaustion risk.\n```\n\n~~~\nAdditionally, Ruby 2.x and 3.x versions shipped with Red Hat Enterprise Linux are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59830"
},
{
"category": "external",
"summary": "RHBZ#2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71",
"url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"
}
],
"release_date": "2025-09-25T14:37:06.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T01:37:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
},
{
"category": "workaround",
"details": "No action is required for typical Rack applications that use the framework\u2019s default request-handling mechanisms, as these are not impacted.\n\nFor custom implementations or middleware that directly invoke Rack::QueryParser, administrators should:\n\nUse explicit delimiters: Configure QueryParser to use a specific delimiter (e.g. \u0026) rather than accepting both \u0026 and ;.\n\nLimit request size and parameters: Enforce request size and parameter count limits at upstream layers (such as a web server, reverse proxy, or WAF) to prevent excessive resource consumption.\n\nPrefer safe APIs: Use Rack::Request or other higher-level request parsing APIs, which apply safe defaults and avoid this vulnerability.",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters"
},
{
"cve": "CVE-2025-61770",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T15:01:10.718770+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402174"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is IMPORTANT because the vulnerability can be exploited over a network and can cause denial of service on such applications that run the vulnerable Rack code. By sending multipart requests with large preambles, an attacker can exhaust memory resources or crash worker processes, leading to service downtime.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61770"
},
{
"category": "external",
"summary": "RHBZ#2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
"url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
}
],
"release_date": "2025-10-07T14:30:04.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T01:37:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61771",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2025-10-07T15:01:16.223161+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402175"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is IMPORTANT because this happens over a network and causes a denial of service. Large non-file fields are buffered in memory instead of being streamed or capped, leading to memory exhaustion and worker crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61771"
},
{
"category": "external",
"summary": "RHBZ#2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
"url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
}
],
"release_date": "2025-10-07T14:42:53.366000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T01:37:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61772",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T16:01:57.118202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402200"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part\u2019s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack memory exhaustion denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability risk to Red Hat systems is limited to the application which has integrated rack. The host operating system availability is not at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61772"
},
{
"category": "external",
"summary": "RHBZ#2402200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c",
"url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"
}
],
"release_date": "2025-10-07T15:02:09.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T01:37:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rack: Rack memory exhaustion denial of service"
},
{
"cve": "CVE-2025-61919",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-10T20:01:19.001907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403180"
}
],
"notes": [
{
"category": "description",
"text": "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "~~~\n\nAffectedness:\n\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\n\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "RHBZ#2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
"url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
"url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
"url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
}
],
"release_date": "2025-10-10T19:22:42.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-10T01:37:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
"product_ids": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.AUS:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.AUS:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.src",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-0:0.10.8-1.el8_4.8.x86_64",
"HighAvailability-8.4.0.Z.EUS.EXTENSION:pcs-snmp-0:0.10.8-1.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion"
}
]
}
RHSA-2025:20962
Vulnerability from csaf_redhat - Published: 2025-11-11 15:05 - Updated: 2026-06-25 11:10Summary
Red Hat Security Advisory: pcs security update
Severity
Important
Notes
Topic: An update for pcs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
* rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
* rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
* rack: Rack memory exhaustion denial of service (CVE-2025-61772)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pcs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)\n\n* rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)\n\n* rack: Rack\u0027s multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)\n\n* rack: Rack memory exhaustion denial of service (CVE-2025-61772)\n\n* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:20962",
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "2402200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200"
},
{
"category": "external",
"summary": "2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_20962.json"
}
],
"title": "Red Hat Security Advisory: pcs security update",
"tracking": {
"current_release_date": "2026-06-25T11:10:11+00:00",
"generator": {
"date": "2026-06-25T11:10:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.1.0"
}
},
"id": "RHSA-2025:20962",
"initial_release_date": "2025-11-11T15:05:08+00:00",
"revision_history": [
{
"date": "2025-11-11T15:05:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-11T15:05:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T11:10:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::highavailability"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.11.10-1.el9_7.1.src",
"product": {
"name": "pcs-0:0.11.10-1.el9_7.1.src",
"product_id": "pcs-0:0.11.10-1.el9_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.11.10-1.el9_7.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.11.10-1.el9_7.1.ppc64le",
"product": {
"name": "pcs-0:0.11.10-1.el9_7.1.ppc64le",
"product_id": "pcs-0:0.11.10-1.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.11.10-1.el9_7.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"product": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"product_id": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.11.10-1.el9_7.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.11.10-1.el9_7.1.x86_64",
"product": {
"name": "pcs-0:0.11.10-1.el9_7.1.x86_64",
"product_id": "pcs-0:0.11.10-1.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.11.10-1.el9_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"product": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"product_id": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.11.10-1.el9_7.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.11.10-1.el9_7.1.s390x",
"product": {
"name": "pcs-0:0.11.10-1.el9_7.1.s390x",
"product_id": "pcs-0:0.11.10-1.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.11.10-1.el9_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"product": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"product_id": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.11.10-1.el9_7.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.11.10-1.el9_7.1.aarch64",
"product": {
"name": "pcs-0:0.11.10-1.el9_7.1.aarch64",
"product_id": "pcs-0:0.11.10-1.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.11.10-1.el9_7.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"product": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"product_id": "pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.11.10-1.el9_7.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.aarch64",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.ppc64le",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.s390x as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.s390x",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.src as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.src",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.x86_64",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 9)",
"product_id": "HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"relates_to_product_reference": "HighAvailability-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.ppc64le",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.s390x",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.src",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.11.10-1.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64"
},
"product_reference": "pcs-0:0.11.10-1.el9_7.1.x86_64",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)",
"product_id": "ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
},
"product_reference": "pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"relates_to_product_reference": "ResilientStorage-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59830",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-25T15:01:07.627558+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2398167"
}
],
"notes": [
{
"category": "description",
"text": "An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (\u0026). The parser counts only \u0026 when enforcing the limit, while still splitting on both \u0026 and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The overall severity of this flaw is Moderate, because most Rack applications are not directly impacted. The vulnerability primarily affects applications or middleware that invoke Rack::QueryParser directly using its default configuration, which accepts both \u0026 and ; as parameter delimiters. This behavior can lead to excessive CPU or memory consumption, resulting only a limited denial-of-service condition.\n\nFor typical applications using Rack::Request, the default request-handling flow applies safe parsing logic and does not exhibit the vulnerable behavior.\n\nIn summary, while the theoretical severity is High, the practical impact is generally Moderate to Low for standard configurations.\n\n```\nAffectedness:\n\nIt should be noted that starting from Rack v3.x, the framework no longer splits query parameters on semicolons. This change was introduced in commit ef1fc0c44e6a4b77c8fcf9b4f3bfa09f04ae8482, effectively mitigating this issue in newer releases.\n\nRack 1.x is also not affected by this vulnerability. The vulnerable parsing logic was introduced in Rack 2.x; earlier versions use a simpler query parsing mechanism that does not expose the same resource exhaustion risk.\n```\n\n~~~\nAdditionally, Ruby 2.x and 3.x versions shipped with Red Hat Enterprise Linux are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59830"
},
{
"category": "external",
"summary": "RHBZ#2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71",
"url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"
}
],
"release_date": "2025-09-25T14:37:06.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T15:05:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
},
{
"category": "workaround",
"details": "No action is required for typical Rack applications that use the framework\u2019s default request-handling mechanisms, as these are not impacted.\n\nFor custom implementations or middleware that directly invoke Rack::QueryParser, administrators should:\n\nUse explicit delimiters: Configure QueryParser to use a specific delimiter (e.g. \u0026) rather than accepting both \u0026 and ;.\n\nLimit request size and parameters: Enforce request size and parameter count limits at upstream layers (such as a web server, reverse proxy, or WAF) to prevent excessive resource consumption.\n\nPrefer safe APIs: Use Rack::Request or other higher-level request parsing APIs, which apply safe defaults and avoid this vulnerability.",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters"
},
{
"cve": "CVE-2025-61770",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T15:01:10.718770+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402174"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is IMPORTANT because the vulnerability can be exploited over a network and can cause denial of service on such applications that run the vulnerable Rack code. By sending multipart requests with large preambles, an attacker can exhaust memory resources or crash worker processes, leading to service downtime.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61770"
},
{
"category": "external",
"summary": "RHBZ#2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
"url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
}
],
"release_date": "2025-10-07T14:30:04.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T15:05:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61771",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2025-10-07T15:01:16.223161+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402175"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is IMPORTANT because this happens over a network and causes a denial of service. Large non-file fields are buffered in memory instead of being streamed or capped, leading to memory exhaustion and worker crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61771"
},
{
"category": "external",
"summary": "RHBZ#2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
"url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
}
],
"release_date": "2025-10-07T14:42:53.366000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T15:05:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61772",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T16:01:57.118202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402200"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part\u2019s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack memory exhaustion denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability risk to Red Hat systems is limited to the application which has integrated rack. The host operating system availability is not at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61772"
},
{
"category": "external",
"summary": "RHBZ#2402200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c",
"url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"
}
],
"release_date": "2025-10-07T15:02:09.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T15:05:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rack: Rack memory exhaustion denial of service"
},
{
"cve": "CVE-2025-61919",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-10T20:01:19.001907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403180"
}
],
"notes": [
{
"category": "description",
"text": "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "~~~\n\nAffectedness:\n\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\n\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "RHBZ#2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
"url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
"url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
"url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
}
],
"release_date": "2025-10-10T19:22:42.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T15:05:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
"product_ids": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"HighAvailability-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.aarch64",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"HighAvailability-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.src",
"ResilientStorage-9.7.0.Z.MAIN:pcs-0:0.11.10-1.el9_7.1.x86_64",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.ppc64le",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.s390x",
"ResilientStorage-9.7.0.Z.MAIN:pcs-snmp-0:0.11.10-1.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion"
}
]
}
RHSA-2025:21036
Vulnerability from csaf_redhat - Published: 2025-11-11 19:52 - Updated: 2026-06-25 05:08Summary
Red Hat Security Advisory: pcs security update
Severity
Important
Notes
Topic: An update for pcs is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
* rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
* rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
* rack: Rack memory exhaustion denial of service (CVE-2025-61772)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pcs is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)\n\n* rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)\n\n* rack: Rack\u0027s multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)\n\n* rack: Rack memory exhaustion denial of service (CVE-2025-61772)\n\n* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21036",
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "2402200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200"
},
{
"category": "external",
"summary": "2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21036.json"
}
],
"title": "Red Hat Security Advisory: pcs security update",
"tracking": {
"current_release_date": "2026-06-25T05:08:55+00:00",
"generator": {
"date": "2026-06-25T05:08:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:21036",
"initial_release_date": "2025-11-11T19:52:06+00:00",
"revision_history": [
{
"date": "2025-11-11T19:52:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-11T19:52:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T05:08:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"product": {
"name": "cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"product_id": "cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-ha-cluster@0.12.1-1.el10_1.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.12.1-1.el10_1.1.src",
"product": {
"name": "pcs-0:0.12.1-1.el10_1.1.src",
"product_id": "pcs-0:0.12.1-1.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.12.1-1.el10_1.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.12.1-1.el10_1.1.aarch64",
"product": {
"name": "pcs-0:0.12.1-1.el10_1.1.aarch64",
"product_id": "pcs-0:0.12.1-1.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.12.1-1.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"product": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"product_id": "pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.12.1-1.el10_1.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.12.1-1.el10_1.1.ppc64le",
"product": {
"name": "pcs-0:0.12.1-1.el10_1.1.ppc64le",
"product_id": "pcs-0:0.12.1-1.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.12.1-1.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"product": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"product_id": "pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.12.1-1.el10_1.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.12.1-1.el10_1.1.s390x",
"product": {
"name": "pcs-0:0.12.1-1.el10_1.1.s390x",
"product_id": "pcs-0:0.12.1-1.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.12.1-1.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"product": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"product_id": "pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.12.1-1.el10_1.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.12.1-1.el10_1.1.x86_64",
"product": {
"name": "pcs-0:0.12.1-1.el10_1.1.x86_64",
"product_id": "pcs-0:0.12.1-1.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.12.1-1.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.x86_64",
"product": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.x86_64",
"product_id": "pcs-snmp-0:0.12.1-1.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.12.1-1.el10_1.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch"
},
"product_reference": "cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.12.1-1.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64"
},
"product_reference": "pcs-0:0.12.1-1.el10_1.1.aarch64",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.12.1-1.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le"
},
"product_reference": "pcs-0:0.12.1-1.el10_1.1.ppc64le",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.12.1-1.el10_1.1.s390x as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x"
},
"product_reference": "pcs-0:0.12.1-1.el10_1.1.s390x",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.12.1-1.el10_1.1.src as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src"
},
"product_reference": "pcs-0:0.12.1-1.el10_1.1.src",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.12.1-1.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64"
},
"product_reference": "pcs-0:0.12.1-1.el10_1.1.x86_64",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64"
},
"product_reference": "pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le"
},
"product_reference": "pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.s390x as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x"
},
"product_reference": "pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"relates_to_product_reference": "HighAvailability-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.12.1-1.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 10)",
"product_id": "HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
},
"product_reference": "pcs-snmp-0:0.12.1-1.el10_1.1.x86_64",
"relates_to_product_reference": "HighAvailability-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59830",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-25T15:01:07.627558+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2398167"
}
],
"notes": [
{
"category": "description",
"text": "An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (\u0026). The parser counts only \u0026 when enforcing the limit, while still splitting on both \u0026 and ;. As a result, an attacker can supply a crafted HTTP query using ; delimiters to exceed the intended parameter count, potentially causing performance degradation or exhaustion of resources (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The overall severity of this flaw is Moderate, because most Rack applications are not directly impacted. The vulnerability primarily affects applications or middleware that invoke Rack::QueryParser directly using its default configuration, which accepts both \u0026 and ; as parameter delimiters. This behavior can lead to excessive CPU or memory consumption, resulting only a limited denial-of-service condition.\n\nFor typical applications using Rack::Request, the default request-handling flow applies safe parsing logic and does not exhibit the vulnerable behavior.\n\nIn summary, while the theoretical severity is High, the practical impact is generally Moderate to Low for standard configurations.\n\n```\nAffectedness:\n\nIt should be noted that starting from Rack v3.x, the framework no longer splits query parameters on semicolons. This change was introduced in commit ef1fc0c44e6a4b77c8fcf9b4f3bfa09f04ae8482, effectively mitigating this issue in newer releases.\n\nRack 1.x is also not affected by this vulnerability. The vulnerable parsing logic was introduced in Rack 2.x; earlier versions use a simpler query parsing mechanism that does not expose the same resource exhaustion risk.\n```\n\n~~~\nAdditionally, Ruby 2.x and 3.x versions shipped with Red Hat Enterprise Linux are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59830"
},
{
"category": "external",
"summary": "RHBZ#2398167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71",
"url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"
}
],
"release_date": "2025-09-25T14:37:06.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T19:52:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
},
{
"category": "workaround",
"details": "No action is required for typical Rack applications that use the framework\u2019s default request-handling mechanisms, as these are not impacted.\n\nFor custom implementations or middleware that directly invoke Rack::QueryParser, administrators should:\n\nUse explicit delimiters: Configure QueryParser to use a specific delimiter (e.g. \u0026) rather than accepting both \u0026 and ;.\n\nLimit request size and parameters: Enforce request size and parameter count limits at upstream layers (such as a web server, reverse proxy, or WAF) to prevent excessive resource consumption.\n\nPrefer safe APIs: Use Rack::Request or other higher-level request parsing APIs, which apply safe defaults and avoid this vulnerability.",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters"
},
{
"cve": "CVE-2025-61770",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T15:01:10.718770+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402174"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is IMPORTANT because the vulnerability can be exploited over a network and can cause denial of service on such applications that run the vulnerable Rack code. By sending multipart requests with large preambles, an attacker can exhaust memory resources or crash worker processes, leading to service downtime.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61770"
},
{
"category": "external",
"summary": "RHBZ#2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
"url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
}
],
"release_date": "2025-10-07T14:30:04.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T19:52:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61771",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2025-10-07T15:01:16.223161+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402175"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is IMPORTANT because this happens over a network and causes a denial of service. Large non-file fields are buffered in memory instead of being streamed or capped, leading to memory exhaustion and worker crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61771"
},
{
"category": "external",
"summary": "RHBZ#2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
"url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
}
],
"release_date": "2025-10-07T14:42:53.366000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T19:52:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61772",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T16:01:57.118202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402200"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been found in the rubygems rack package. `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part\u2019s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack memory exhaustion denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability risk to Red Hat systems is limited to the application which has integrated rack. The host operating system availability is not at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61772"
},
{
"category": "external",
"summary": "RHBZ#2402200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c",
"url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"
}
],
"release_date": "2025-10-07T15:02:09.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T19:52:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rack: Rack memory exhaustion denial of service"
},
{
"cve": "CVE-2025-61919",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-10T20:01:19.001907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403180"
}
],
"notes": [
{
"category": "description",
"text": "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "~~~\n\nAffectedness:\n\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\n\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "RHBZ#2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
"url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
"url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
"url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
}
],
"release_date": "2025-10-10T19:22:42.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T19:52:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
"product_ids": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-10.1.Z:cockpit-ha-cluster-0:0.12.1-1.el10_1.1.noarch",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.src",
"HighAvailability-10.1.Z:pcs-0:0.12.1-1.el10_1.1.x86_64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.aarch64",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.ppc64le",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.s390x",
"HighAvailability-10.1.Z:pcs-snmp-0:0.12.1-1.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion"
}
]
}
RHSA-2025:21696
Vulnerability from csaf_redhat - Published: 2025-11-18 14:42 - Updated: 2026-06-25 05:08Summary
Red Hat Security Advisory: pcs security update
Severity
Important
Notes
Topic: An update for pcs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
* rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pcs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)\n\n* rack: Rack\u0027s multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)\n\n* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21696",
"url": "https://access.redhat.com/errata/RHSA-2025:21696"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21696.json"
}
],
"title": "Red Hat Security Advisory: pcs security update",
"tracking": {
"current_release_date": "2026-06-25T05:08:59+00:00",
"generator": {
"date": "2026-06-25T05:08:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:21696",
"initial_release_date": "2025-11-18T14:42:26+00:00",
"revision_history": [
{
"date": "2025-11-18T14:42:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-18T14:42:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T05:08:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.169-3.el7_9.5.src",
"product": {
"name": "pcs-0:0.9.169-3.el7_9.5.src",
"product_id": "pcs-0:0.9.169-3.el7_9.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.169-3.el7_9.5.x86_64",
"product": {
"name": "pcs-0:0.9.169-3.el7_9.5.x86_64",
"product_id": "pcs-0:0.9.169-3.el7_9.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"product": {
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"product_id": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
"product": {
"name": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
"product_id": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"product": {
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"product_id": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"product": {
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le"
},
"product_reference": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.169-3.el7_9.5.src as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src"
},
"product_reference": "pcs-0:0.9.169-3.el7_9.5.src",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64"
},
"product_reference": "pcs-0:0.9.169-3.el7_9.5.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le"
},
"product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le"
},
"product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
"product_id": "7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
},
"product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le"
},
"product_reference": "pcs-0:0.9.169-3.el7_9.5.ppc64le",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.169-3.el7_9.5.src as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src"
},
"product_reference": "pcs-0:0.9.169-3.el7_9.5.src",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64"
},
"product_reference": "pcs-0:0.9.169-3.el7_9.5.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le"
},
"product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le"
},
"product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64 as a component of Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
"product_id": "7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
},
"product_reference": "pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61770",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-07T15:01:10.718770+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402174"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is IMPORTANT because the vulnerability can be exploited over a network and can cause denial of service on such applications that run the vulnerable Rack code. By sending multipart requests with large preambles, an attacker can exhaust memory resources or crash worker processes, leading to service downtime.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61770"
},
{
"category": "external",
"summary": "RHBZ#2402174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp",
"url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"
}
],
"release_date": "2025-10-07T14:30:04.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-18T14:42:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21696"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s unbounded multipart preamble buffering enables DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61771",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2025-10-07T15:01:16.223161+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402175"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of service crash due to out-of-memory issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is IMPORTANT because this happens over a network and causes a denial of service. Large non-file fields are buffered in memory instead of being streamed or capped, leading to memory exhaustion and worker crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61771"
},
{
"category": "external",
"summary": "RHBZ#2402175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e",
"url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e",
"url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd",
"url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw",
"url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"
}
],
"release_date": "2025-10-07T14:42:53.366000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-18T14:42:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21696"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rack: Rack\u0027s multipart parser buffers large non\u2011file fields entirely in memory, enabling DoS (memory exhaustion)"
},
{
"cve": "CVE-2025-61919",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-10T20:01:19.001907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403180"
}
],
"notes": [
{
"category": "description",
"text": "A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::Request#POST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing denial of service (DoS) through memory exhaustion. Even with configured parsing limits, the issue occurs before those limits are enforced, allowing unbounded memory allocation proportional to request size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "~~~\n\nAffectedness:\n\nRack 1.x, including 1.6.x, is not affected by this vulnerability. The issue exists only in Rack 2.x and 3.x, where request parsing was refactored into the QueryParser component. Since Rack 1.x does not include this component, it does not contain the vulnerable logic.\n\nRuby 2.x and 3.x versions shipped with Red Hat Enterprise Linux, Red Hat Openshift Core OS (RHOCS) and Red Hat In-Vehicle OS (RHIVOS) are not affected, as they do not bundle the rack RubyGem by default. Rack is a third-party gem that must be installed separately.\n\n~~~",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "RHBZ#2403180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881",
"url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db",
"url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f",
"url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"
},
{
"category": "external",
"summary": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm",
"url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"
}
],
"release_date": "2025-10-10T19:22:42.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-18T14:42:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21696"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability beyond these configuration-based workarounds.",
"product_ids": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-HighAvailability-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-HighAvailability-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.src",
"7Server-ResilientStorage-ELS:pcs-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-debuginfo-0:0.9.169-3.el7_9.5.x86_64",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.ppc64le",
"7Server-ResilientStorage-ELS:pcs-snmp-0:0.9.169-3.el7_9.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion"
}
]
}
SUSE-SU-2025:4273-1
Vulnerability from csaf_suse - Published: 2025-11-27 08:12 - Updated: 2025-11-27 08:12Summary
Security update for rubygem-rack
Severity
Important
Notes
Title of the patch: Security update for rubygem-rack
Description of the patch: This update for rubygem-rack fixes the following issues:
- Update to version 2.2.20 (bsc#1251936)
- CVE-2025-61919: Fixed application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap (bsc#1251936)
- CVE-2025-61780: Fixed improper handling of headers in `Rack::Sendfile` allows for bypass of proxy-level access restrictions (bsc#1253951)
Patchnames: SUSE-2025-4273,SUSE-SLE-Product-HA-15-SP3-2025-4273,SUSE-SLE-Product-HA-15-SP4-2025-4273,SUSE-SLE-Product-HA-15-SP5-2025-4273,SUSE-SLE-Product-HA-15-SP6-2025-4273,SUSE-SLE-Product-HA-15-SP7-2025-4273,openSUSE-SLE-15.6-2025-4273
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-rack fixes the following issues:\n\n- Update to version 2.2.20 (bsc#1251936)\n- CVE-2025-61919: Fixed application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap (bsc#1251936)\n- CVE-2025-61780: Fixed improper handling of headers in `Rack::Sendfile` allows for bypass of proxy-level access restrictions (bsc#1253951)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4273,SUSE-SLE-Product-HA-15-SP3-2025-4273,SUSE-SLE-Product-HA-15-SP4-2025-4273,SUSE-SLE-Product-HA-15-SP5-2025-4273,SUSE-SLE-Product-HA-15-SP6-2025-4273,SUSE-SLE-Product-HA-15-SP7-2025-4273,openSUSE-SLE-15.6-2025-4273",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4273-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4273-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254273-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4273-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023401.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251936",
"url": "https://bugzilla.suse.com/1251936"
},
{
"category": "self",
"summary": "SUSE Bug 1253951",
"url": "https://bugzilla.suse.com/1253951"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61919 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61919/"
}
],
"title": "Security update for rubygem-rack",
"tracking": {
"current_release_date": "2025-11-27T08:12:25Z",
"generator": {
"date": "2025-11-27T08:12:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4273-1",
"initial_release_date": "2025-11-27T08:12:25Z",
"revision_history": [
{
"date": "2025-11-27T08:12:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"product_id": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"product_id": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.i586",
"product": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.i586",
"product_id": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.i586",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.i586",
"product_id": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"product_id": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"product_id": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"product": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"product_id": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"product_id": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"product_id": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64",
"product_id": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP5",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61780"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. When `Rack::Sendfile` received untrusted `x-sendfile-type` or `x-accel-mapping` headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a \"redirect\" response to the proxy, prompting it to reissue a new internal request that was not subject to the proxy\u0027s access controls. An attacker could exploit this by setting a crafted `x-sendfile-type: x-accel-redirect` header, setting a crafted `x-accel-mapping` header, and requesting a path that qualifies for proxy-based acceleration. Attackers could bypass proxy-enforced restrictions and access internal endpoints intended to be protected (such as administrative pages). The vulnerability did not allow arbitrary file reads but could expose sensitive application routes. This issue only affected systems meeting all of the following conditions: The application used `Rack::Sendfile` with a proxy that supports `x-accel-redirect` (e.g., Nginx); the proxy did **not** always set or remove the `x-sendfile-type` and `x-accel-mapping` headers; and the application exposed an endpoint that returned a body responding to `.to_path`. Users should upgrade to Rack versions 2.2.20, 3.1.18, or 3.2.3, which require explicit configuration to enable `x-accel-redirect`. Alternatively, configure the proxy to always set or strip the header, or in Rails applications, disable sendfile completely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61780",
"url": "https://www.suse.com/security/cve/CVE-2025-61780"
},
{
"category": "external",
"summary": "SUSE Bug 1251896 for CVE-2025-61780",
"url": "https://bugzilla.suse.com/1251896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T08:12:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-61780"
},
{
"cve": "CVE-2025-61919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61919"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61919",
"url": "https://www.suse.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "SUSE Bug 1251934 for CVE-2025-61919",
"url": "https://bugzilla.suse.com/1251934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP5:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-2.2.20-150000.3.34.1.x86_64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.aarch64",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.ppc64le",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.s390x",
"openSUSE Leap 15.6:ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T08:12:25Z",
"details": "important"
}
],
"title": "CVE-2025-61919"
}
]
}
SUSE-SU-2026:20091-1
Vulnerability from csaf_suse - Published: 2026-01-13 12:46 - Updated: 2026-01-13 12:46Summary
Security update for hawk2
Severity
Important
Notes
Title of the patch: Security update for hawk2
Description of the patch: This update for hawk2 fixes the following issues:
- Bump ruby gem rack to 3.1.18 (bsc#1251939).
- Bump ruby gem uri to 1.0.4.
- Fix the mtime in manifest.json (bsc#1230275).
- Make builds determinitstic (bsc#1230275).
- Bump rails version from 8.0.2 to 8.0.2.1 (bsc#1248100).
- Require openssl explicitly (bsc#1247899).
Patchnames: SUSE-SLES-HA-16.0-134
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for hawk2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for hawk2 fixes the following issues:\n\n- Bump ruby gem rack to 3.1.18 (bsc#1251939).\n- Bump ruby gem uri to 1.0.4.\n- Fix the mtime in manifest.json (bsc#1230275).\n- Make builds determinitstic (bsc#1230275).\n- Bump rails version from 8.0.2 to 8.0.2.1 (bsc#1248100).\n- Require openssl explicitly (bsc#1247899).",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-HA-16.0-134",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20091-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20091-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620091-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20091-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023809.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230275",
"url": "https://bugzilla.suse.com/1230275"
},
{
"category": "self",
"summary": "SUSE Bug 1247899",
"url": "https://bugzilla.suse.com/1247899"
},
{
"category": "self",
"summary": "SUSE Bug 1248100",
"url": "https://bugzilla.suse.com/1248100"
},
{
"category": "self",
"summary": "SUSE Bug 1251939",
"url": "https://bugzilla.suse.com/1251939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61919 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61919/"
}
],
"title": "Security update for hawk2",
"tracking": {
"current_release_date": "2026-01-13T12:46:40Z",
"generator": {
"date": "2026-01-13T12:46:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20091-1",
"initial_release_date": "2026-01-13T12:46:40Z",
"revision_history": [
{
"date": "2026-01-13T12:46:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"product": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"product_id": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"product": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"product_id": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64",
"product": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64",
"product_id": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 16.0",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:16.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le"
},
"product_reference": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x"
},
"product_reference": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 16.0",
"product_id": "SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
},
"product_reference": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55193"
}
],
"notes": [
{
"category": "general",
"text": "Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55193",
"url": "https://www.suse.com/security/cve/CVE-2025-55193"
},
{
"category": "external",
"summary": "SUSE Bug 1248099 for CVE-2025-55193",
"url": "https://bugzilla.suse.com/1248099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T12:46:40Z",
"details": "moderate"
}
],
"title": "CVE-2025-55193"
},
{
"cve": "CVE-2025-61919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61919"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61919",
"url": "https://www.suse.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "SUSE Bug 1251934 for CVE-2025-61919",
"url": "https://bugzilla.suse.com/1251934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.s390x",
"SUSE Linux Enterprise High Availability Extension 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T12:46:40Z",
"details": "important"
}
],
"title": "CVE-2025-61919"
}
]
}
SUSE-SU-2026:20093-1
Vulnerability from csaf_suse - Published: 2026-01-13 12:43 - Updated: 2026-01-13 12:43Summary
Security update for hawk2
Severity
Important
Notes
Title of the patch: Security update for hawk2
Description of the patch: This update for hawk2 fixes the following issues:
- Bump ruby gem rack to 3.1.18 (bsc#1251939).
- Bump ruby gem uri to 1.0.4.
- Fix the mtime in manifest.json (bsc#1230275).
- Make builds determinitstic (bsc#1230275).
- Bump rails version from 8.0.2 to 8.0.2.1 (bsc#1248100).
- Require openssl explicitly (bsc#1247899).
Patchnames: SUSE-SLES-16.0-134
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for hawk2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for hawk2 fixes the following issues:\n\n- Bump ruby gem rack to 3.1.18 (bsc#1251939).\n- Bump ruby gem uri to 1.0.4.\n- Fix the mtime in manifest.json (bsc#1230275).\n- Make builds determinitstic (bsc#1230275).\n- Bump rails version from 8.0.2 to 8.0.2.1 (bsc#1248100).\n- Require openssl explicitly (bsc#1247899).",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-134",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20093-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20093-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620093-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20093-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023807.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230275",
"url": "https://bugzilla.suse.com/1230275"
},
{
"category": "self",
"summary": "SUSE Bug 1247899",
"url": "https://bugzilla.suse.com/1247899"
},
{
"category": "self",
"summary": "SUSE Bug 1248100",
"url": "https://bugzilla.suse.com/1248100"
},
{
"category": "self",
"summary": "SUSE Bug 1251939",
"url": "https://bugzilla.suse.com/1251939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61919 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61919/"
}
],
"title": "Security update for hawk2",
"tracking": {
"current_release_date": "2026-01-13T12:43:07Z",
"generator": {
"date": "2026-01-13T12:43:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20093-1",
"initial_release_date": "2026-01-13T12:43:07Z",
"revision_history": [
{
"date": "2026-01-13T12:43:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"product": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"product_id": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64",
"product": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64",
"product_id": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le"
},
"product_reference": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
},
"product_reference": "hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55193"
}
],
"notes": [
{
"category": "general",
"text": "Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55193",
"url": "https://www.suse.com/security/cve/CVE-2025-55193"
},
{
"category": "external",
"summary": "SUSE Bug 1248099 for CVE-2025-55193",
"url": "https://bugzilla.suse.com/1248099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T12:43:07Z",
"details": "moderate"
}
],
"title": "CVE-2025-55193"
},
{
"cve": "CVE-2025-61919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61919"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61919",
"url": "https://www.suse.com/security/cve/CVE-2025-61919"
},
{
"category": "external",
"summary": "SUSE Bug 1251934 for CVE-2025-61919",
"url": "https://bugzilla.suse.com/1251934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T12:43:07Z",
"details": "important"
}
],
"title": "CVE-2025-61919"
}
]
}
WID-SEC-W-2025-2482
Vulnerability from csaf_certbund - Published: 2025-11-03 23:00 - Updated: 2026-01-14 23:00Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM License Metric Tool <9.2.42
IBM / License Metric Tool
|
<9.2.42 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM License Metric Tool <9.2.42
IBM / License Metric Tool
|
<9.2.42 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM License Metric Tool <9.2.42
IBM / License Metric Tool
|
<9.2.42 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM License Metric Tool <9.2.42
IBM / License Metric Tool
|
<9.2.42 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM License Metric Tool <9.2.42
IBM / License Metric Tool
|
<9.2.42 |
References
28 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2482 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2482.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2482 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2482"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19512 vom 2025-11-03",
"url": "https://access.redhat.com/errata/RHSA-2025:19512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19513 vom 2025-11-03",
"url": "https://access.redhat.com/errata/RHSA-2025:19513"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-19512 vom 2025-11-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-19512.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6048 vom 2025-11-04",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00214.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19647 vom 2025-11-04",
"url": "https://access.redhat.com/errata/RHSA-2025:19647"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19736 vom 2025-11-05",
"url": "https://access.redhat.com/errata/RHSA-2025:19736"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19719 vom 2025-11-04",
"url": "https://access.redhat.com/errata/RHSA-2025:19719"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19733 vom 2025-11-04",
"url": "https://access.redhat.com/errata/RHSA-2025:19733"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19734 vom 2025-11-04",
"url": "https://access.redhat.com/errata/RHSA-2025:19734"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:19719 vom 2025-11-05",
"url": "https://errata.build.resf.org/RLSA-2025:19719"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19855 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19855"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19800 vom 2025-11-05",
"url": "https://access.redhat.com/errata/RHSA-2025:19800"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19856 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19856"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:19512 vom 2025-11-06",
"url": "https://errata.build.resf.org/RLSA-2025:19512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19832 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19832"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-19719 vom 2025-11-07",
"url": "https://linux.oracle.com/errata/ELSA-2025-19719.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-19513 vom 2025-11-07",
"url": "https://linux.oracle.com/errata/ELSA-2025-19513.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19948 vom 2025-11-10",
"url": "https://access.redhat.com/errata/RHSA-2025:19948"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20962 vom 2025-11-11",
"url": "https://access.redhat.com/errata/RHSA-2025:20962"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21036 vom 2025-11-11",
"url": "https://access.redhat.com/errata/RHSA-2025:21036"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21696 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21696"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:20962 vom 2025-11-21",
"url": "https://errata.build.resf.org/RLSA-2025:20962"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20962 vom 2025-11-26",
"url": "https://linux.oracle.com/errata/ELSA-2025-20962.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21036 vom 2025-12-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-21036.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253905 vom 2025-12-09",
"url": "https://www.ibm.com/support/pages/node/7253905"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7960-1 vom 2026-01-15",
"url": "https://ubuntu.com/security/notices/USN-7960-1"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-01-14T23:00:00.000+00:00",
"generator": {
"date": "2026-01-15T10:26:19.195+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2482",
"initial_release_date": "2025-11-03T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-05T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.42",
"product": {
"name": "IBM License Metric Tool \u003c9.2.42",
"product_id": "T049203"
}
},
{
"category": "product_version",
"name": "9.2.42",
"product": {
"name": "IBM License Metric Tool 9.2.42",
"product_id": "T049203-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.42"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T048290",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "10",
"product": {
"name": "Red Hat Enterprise Linux 10",
"product_id": "T048293",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59830",
"product_status": {
"known_affected": [
"T048290",
"2951",
"67646",
"T000126",
"T048293",
"T004914",
"T032255",
"T049203"
]
},
"release_date": "2025-11-03T23:00:00.000+00:00",
"title": "CVE-2025-59830"
},
{
"cve": "CVE-2025-61770",
"product_status": {
"known_affected": [
"T048290",
"2951",
"67646",
"T000126",
"T048293",
"T004914",
"T032255",
"T049203"
]
},
"release_date": "2025-11-03T23:00:00.000+00:00",
"title": "CVE-2025-61770"
},
{
"cve": "CVE-2025-61771",
"product_status": {
"known_affected": [
"T048290",
"2951",
"67646",
"T000126",
"T048293",
"T004914",
"T032255",
"T049203"
]
},
"release_date": "2025-11-03T23:00:00.000+00:00",
"title": "CVE-2025-61771"
},
{
"cve": "CVE-2025-61772",
"product_status": {
"known_affected": [
"T048290",
"2951",
"67646",
"T000126",
"T048293",
"T004914",
"T032255",
"T049203"
]
},
"release_date": "2025-11-03T23:00:00.000+00:00",
"title": "CVE-2025-61772"
},
{
"cve": "CVE-2025-61919",
"product_status": {
"known_affected": [
"T048290",
"2951",
"67646",
"T000126",
"T048293",
"T004914",
"T032255",
"T049203"
]
},
"release_date": "2025-11-03T23:00:00.000+00:00",
"title": "CVE-2025-61919"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…