An update for rubygem-rack is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1684 Final 1.0 1.0 2025-06-27 Initial 2025-06-27 2025-06-27 openEuler SA Tool V1.0 2025-06-27 rubygem-rack security update An update for rubygem-rack is now available for openEuler-20.03-LTS-SP4 Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. Security Fix(es): Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.(CVE-2024-26146) An update for rubygem-rack is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High rubygem-rack https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1684 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26146 https://nvd.nist.gov/vuln/detail/CVE-2024-26146 openEuler-20.03-LTS-SP4 rubygem-rack-2.2.3.1-7.oe2003sp4.noarch.rpm rubygem-rack-help-2.2.3.1-7.oe2003sp4.noarch.rpm rubygem-rack-2.2.3.1-7.oe2003sp4.src.rpm Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1. 2025-06-27 CVE-2024-26146 openEuler-20.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H rubygem-rack security update 2025-06-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1684