[ALSA-2025:4488] Moderate: ruby:3.1 security update
Type:
security
Severity:
moderate
Release date:
2025-05-06
Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rexml: DoS vulnerability in REXML (CVE-2024-39908)
* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
* rexml: DoS vulnerability in REXML (CVE-2024-41946)
* rexml: DoS vulnerability in REXML (CVE-2024-43398)
* CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)
* CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)
* uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.aarch64.rpm 4c5252460fea72ded437082819e93b994f278167601c79044ace259273f5c4d0
aarch64 rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.aarch64.rpm cfaf5e7863a363dca261c396cb4d88268d91e3a71ecb7e28ed36a2fa92cdb037
noarch rubygem-mysql2-doc-0.5.4-1.module_el9.1.0+8+503f6fbd.noarch.rpm 47f8869c8adfe2b7eee506473440af3abe2bb171cf60cda4d0dec05db0bc3fb8
noarch rubygem-pg-doc-1.3.5-1.module_el9.1.0+8+503f6fbd.noarch.rpm c24489067c5c62f3bb8edd8f47b01171f766eaeb0e96991878c51e5ae4b1b3e4
ppc64le rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.ppc64le.rpm 25f3baf573cfcc8d5c67210026207ce30c1c8540d8d22869371943456fe63c71
ppc64le rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.ppc64le.rpm f140b9b82287b70b3ad62004723b762d170c43947bf0d3c8f86f789404744497
s390x rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.s390x.rpm 49b1f8d15c4626c94dbdf369d69aa871b2e1b4909ae4718089f41d7de50396ee
s390x rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.s390x.rpm 81af584c5f98cbff30e7733f802c0711cdfb921b4fc268dc21e6e002f4c9a292
x86_64 rubygem-mysql2-0.5.4-1.module_el9.1.0+8+503f6fbd.x86_64.rpm dab19da2b0c280cf81790d96e39c50f37e61ff0e70a7b591600f76f8cc8d96df
x86_64 rubygem-pg-1.3.5-1.module_el9.1.0+8+503f6fbd.x86_64.rpm f19ded1c673d7431f2562b768ca31c5d92eba38bb0ec8fe3aaf608b1e63e36d0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.