USN-7366-1: Rack vulnerabilities

Read Time:25 Second

Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A
remote attacker could possibly use this issue to perform CRLF injection.
(CVE-2025-25184)

Phạm Quang Minh discovered that Rack incorrectly handled certain headers. A
remote attacker could possibly use this issue to perform log injection.
(CVE-2025-27111)

Phạm Quang Minh discovered that Rack did not properly handle relative file
paths. A remote attacker could potentially exploit this to include local
files that should have been inaccessible. (CVE-2025-27610)

Friday Squid Blogging: Two-Man Giant Squid

Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses

Troy Hunt Gets Phished

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Major Online Platform for Child Exploitation Dismantled

CrushFTP Vulnerability Exploited Following Disclosure Issues

HellCat ransomware: what you need to know

Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware

podman-tui-1.5.0-1.fc42

podman-tui-1.5.0-1.el10_1

podman-tui-1.5.0-1.fc41

rust-below-0.9.0-1.el8

DSA-5894-1 jetty9 – security update

DSA-5893-1 tomcat10 – security update