USN-8190-2: Rack::Session vulnerability
Publication date
28 April 2026
Overview
Rack::Session could allow unintended access to network services.
Releases
Packages
- ruby-rack-session - Session management implementation for Rack
Details
USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the
corresponding update for Ubuntu 26.04 LTS.
Original advisory details:
SeungMyung Lee discovered that Rack::Session did not properly reject
cookies upon decryption failure. A remote attacker could use this issue to
manipulate session contents and possibly gain unauthorized access.
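The fail-closed behaviour the advisory describes (a cookie that cannot be decrypted is rejected, not interpreted some other way) can be sketched as follows. This is an added example, not Rack::Session's code or its fix; the `FailClosedCookie` module, the AES-256-GCM choice and the cookie layout are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Illustrative only: not Rack::Session's implementation or cookie format.
# Assumed layout: base64(iv[12] || tag[16] || ciphertext), AES-256-GCM.
module FailClosedCookie
  IV_LEN = 12
  TAG_LEN = 16

  def self.encode(session, key)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv
    ct = cipher.update(JSON.generate(session)) + cipher.final
    [iv + cipher.auth_tag + ct].pack("m0") # strict base64, no newlines
  end

  # Returns the session Hash, or nil when the cookie cannot be authenticated.
  # There is deliberately no fallback decoder: every failure rejects the cookie.
  def self.decode(cookie, key)
    raw = cookie.to_s.unpack1("m0") # raises ArgumentError on malformed base64
    return nil if raw.bytesize <= IV_LEN + TAG_LEN
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = raw.byteslice(0, IV_LEN)
    cipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
    plain = cipher.update(raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize))
    plain << cipher.final # raises CipherError if the tag does not verify
    data = JSON.parse(plain.force_encoding("UTF-8"))
    data.is_a?(Hash) ? data : nil
  rescue ArgumentError, OpenSSL::Cipher::CipherError, JSON::ParserError
    nil
  end

  # A request whose cookie was rejected starts from an empty session.
  def self.load_session(cookie, key)
    decode(cookie, key) || {}
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_key = OpenSSL::Random.random_bytes(32) # constructed key for the demo
  good = FailClosedCookie.encode({ "user_id" => 42 }, demo_key)
  p FailClosedCookie.load_session(good, demo_key)
  p FailClosedCookie.load_session(good.reverse, demo_key) # corrupted copy
end
```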
Update instructions
After a standard system update you need to restart ruby-rack-session to make all the necessary changes.
Learn more about how to get the fixes.
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version |
|---|---|
| 26.04 LTS resolute | ruby-rack-session – 2.1.1-0.1ubuntu0.26.04.1 |