ALSA-2026:20606

[ALSA-2026:20606] Important: ruby4.0 security update

Type:

security

Severity:

important

Release date:

2026-06-04

Description:

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.  

Security Fix(es):  

  * ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection (CVE-2026-33210)
  * erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	ruby4.0-rubygem-mysql2-0.5.7-34.el10_2.aarch64.rpm	18ca330f83238da58fc078acc46979360699475074916dbc2a59bed32ecd5d4d
aarch64	ruby4.0-rubygem-pg-1.6.3-34.el10_2.aarch64.rpm	6f590165530c2170bfe7b915a49040bd334de446c02d13529a489f5006ff6514
aarch64	ruby4.0-4.0.3-34.el10_2.aarch64.rpm	85cbd6ba0673f47d87af0811b1e80b2cdfc938d3f0c5b88e7872c5147c397873
aarch64	ruby4.0-devel-4.0.3-34.el10_2.aarch64.rpm	eb7d33e20fa1b0e0999f8c23b448239c7216fd5dbc392f1a525f71d6a08f6398
noarch	ruby4.0-doc-4.0.3-34.el10_2.noarch.rpm	911ec6ffa66042849dff4c20c6e9c57e452e38797a2d1cb88fb1289d50cb3f4c
ppc64le	ruby4.0-rubygem-mysql2-0.5.7-34.el10_2.ppc64le.rpm	668b4f32e4acc427b4dfa6e2bf55cd6ede81f51d22d7cb8d13c8d0989ed1efd8
ppc64le	ruby4.0-rubygem-pg-1.6.3-34.el10_2.ppc64le.rpm	670bffc43f632f650ba46ed7ede66f3b2ea470a61023aafe8b4a2612637fef06
ppc64le	ruby4.0-devel-4.0.3-34.el10_2.ppc64le.rpm	8d6187608c7f9a6138f513fc083c25792b799bb0f9d5276e4c8993f9ae92f455
ppc64le	ruby4.0-4.0.3-34.el10_2.ppc64le.rpm	9d6e38f327b2ce7c2b57fafc339aaf3ed8cabac7981bb7555cb763a5ef6f0280
s390x	ruby4.0-rubygem-mysql2-0.5.7-34.el10_2.s390x.rpm	3a6283d7c3aa38fdf4fb7ffacdb86e45dfd316cc3de7bbc63674af727dddb48d
s390x	ruby4.0-devel-4.0.3-34.el10_2.s390x.rpm	d08f60f12e19daf32d23c29100eae2256705b94b7156815a4fbbea82d897dcfb
s390x	ruby4.0-4.0.3-34.el10_2.s390x.rpm	e07cc1c12f36687114b405b936c3f7fc21390f55ce669a868346a3d38425687f
s390x	ruby4.0-rubygem-pg-1.6.3-34.el10_2.s390x.rpm	e492ac20feffd666d69a6a614abbb6735951a1189b52f5074c6482a12d517039
x86_64	ruby4.0-4.0.3-34.el10_2.x86_64.rpm	5dfc9420bf129a7360045e7311d5d5894fe8048692c68094eaedd7a48292a159
x86_64	ruby4.0-rubygem-mysql2-0.5.7-34.el10_2.x86_64.rpm	6ba090e1344a07de7a1020980f5954d4eb369e2f76979f22d91d7c9f1493e76c
x86_64	ruby4.0-rubygem-pg-1.6.3-34.el10_2.x86_64.rpm	91196d5689b51e27522e96f59dc022f84c67583951e5afab27d63033ac5d7c24
x86_64	ruby4.0-devel-4.0.3-34.el10_2.x86_64.rpm	fb7962b02c51276b445d1373cc1cd0894c3a399b2c95202c193c4252e88d1e32
x86_64_v2	ruby4.0-4.0.3-34.el10_2.x86_64_v2.rpm	041fb07a7b2a10c55b9c69107eace9bb0c7cc2ec524f1d091ebcb5b616eb5738
x86_64_v2	ruby4.0-devel-4.0.3-34.el10_2.x86_64_v2.rpm	44800d7b1e9c94b2171a870b707c3d1ae8fa0800a7caba1a24699a739684a6c5
x86_64_v2	ruby4.0-rubygem-mysql2-0.5.7-34.el10_2.x86_64_v2.rpm	8d0e2b0ef952af4a77fed2ef76b2c359e4b2e286cc254204ba768cef8624f613
x86_64_v2	ruby4.0-rubygem-pg-1.6.3-34.el10_2.x86_64_v2.rpm	f769db38e639a1fb446e29a898c8ae7d0b64c7ac00cdc1671871a83e7042079a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.