ELSA-2025-10217

Published: 03 Jul 2025
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2025-10217: ruby:3.3 security update (MODERATE)

ruby [3.3.8-4]

  • Upgrade to Ruby 3.3.8. Resolves: RHEL-68632
  • Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
  • Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
  • Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)

rubygem-abrt [0.4.0-1]

  • Update to abrt 0.4.0. Resolves: rhbz#1842476

rubygem-mysql2 [0.5.5-1]

  • Upgrade to mysql2 0.5.5. Related: RHEL-17090

rubygem-pg [1.5.4-1]

  • Upgrade to pg 1.5.4. Related: RHEL-17090

[1.3.2-1]

  • Update to pg 1.3.2 by merging Fedora rawhide branch (commit: 39bbd1b) Resolves: rhbz#2063772

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module ruby:3.3 is enabled

ruby

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-bundled-gems

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-default-gems

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-devel

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-doc

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-libs

3.3.8-4.module+el8.10.0+90625+b4030d02

rubygem-abrt

0.4.0-1.module+el8.10.0+90287+d51aa4ed

rubygem-abrt-doc

0.4.0-1.module+el8.10.0+90287+d51aa4ed

rubygem-bigdecimal

3.1.5-4.module+el8.10.0+90625+b4030d02

rubygem-bundler

2.5.22-4.module+el8.10.0+90625+b4030d02

rubygem-io-console

0.7.1-4.module+el8.10.0+90625+b4030d02

rubygem-irb

1.13.1-4.module+el8.10.0+90625+b4030d02

rubygem-json

2.7.2-4.module+el8.10.0+90625+b4030d02

rubygem-minitest

5.20.0-4.module+el8.10.0+90625+b4030d02

rubygem-mysql2

0.5.5-1.module+el8.10.0+90287+d51aa4ed

rubygem-mysql2-doc

0.5.5-1.module+el8.10.0+90287+d51aa4ed

rubygem-pg

1.5.4-1.module+el8.10.0+90287+d51aa4ed

rubygem-pg-doc

1.5.4-1.module+el8.10.0+90287+d51aa4ed

rubygem-power_assert

2.0.3-4.module+el8.10.0+90625+b4030d02

rubygem-psych

5.1.2-4.module+el8.10.0+90625+b4030d02

rubygem-racc

1.7.3-4.module+el8.10.0+90625+b4030d02

rubygem-rake

13.1.0-4.module+el8.10.0+90625+b4030d02

rubygem-rbs

3.4.0-4.module+el8.10.0+90625+b4030d02

rubygem-rdoc

6.6.3.1-4.module+el8.10.0+90625+b4030d02

rubygem-rexml

3.3.9-4.module+el8.10.0+90625+b4030d02

rubygem-rss

0.3.1-4.module+el8.10.0+90625+b4030d02

rubygem-test-unit

3.6.1-4.module+el8.10.0+90625+b4030d02

rubygem-typeprof

0.21.9-4.module+el8.10.0+90625+b4030d02

rubygems

3.5.22-4.module+el8.10.0+90625+b4030d02

rubygems-devel

3.5.22-4.module+el8.10.0+90625+b4030d02

Oracle Linux x86_64

Module ruby:3.3 is enabled

ruby

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-bundled-gems

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-default-gems

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-devel

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-doc

3.3.8-4.module+el8.10.0+90625+b4030d02

ruby-libs

3.3.8-4.module+el8.10.0+90625+b4030d02

rubygem-abrt

0.4.0-1.module+el8.10.0+90287+d51aa4ed

rubygem-abrt-doc

0.4.0-1.module+el8.10.0+90287+d51aa4ed

rubygem-bigdecimal

3.1.5-4.module+el8.10.0+90625+b4030d02

rubygem-bundler

2.5.22-4.module+el8.10.0+90625+b4030d02

rubygem-io-console

0.7.1-4.module+el8.10.0+90625+b4030d02

rubygem-irb

1.13.1-4.module+el8.10.0+90625+b4030d02

rubygem-json

2.7.2-4.module+el8.10.0+90625+b4030d02

rubygem-minitest

5.20.0-4.module+el8.10.0+90625+b4030d02

rubygem-mysql2

0.5.5-1.module+el8.10.0+90287+d51aa4ed

rubygem-mysql2-doc

0.5.5-1.module+el8.10.0+90287+d51aa4ed

rubygem-pg

1.5.4-1.module+el8.10.0+90287+d51aa4ed

rubygem-pg-doc

1.5.4-1.module+el8.10.0+90287+d51aa4ed

rubygem-power_assert

2.0.3-4.module+el8.10.0+90625+b4030d02

rubygem-psych

5.1.2-4.module+el8.10.0+90625+b4030d02

rubygem-racc

1.7.3-4.module+el8.10.0+90625+b4030d02

rubygem-rake

13.1.0-4.module+el8.10.0+90625+b4030d02

rubygem-rbs

3.4.0-4.module+el8.10.0+90625+b4030d02

rubygem-rdoc

6.6.3.1-4.module+el8.10.0+90625+b4030d02

rubygem-rexml

3.3.9-4.module+el8.10.0+90625+b4030d02

rubygem-rss

0.3.1-4.module+el8.10.0+90625+b4030d02

rubygem-test-unit

3.6.1-4.module+el8.10.0+90625+b4030d02

rubygem-typeprof

0.21.9-4.module+el8.10.0+90625+b4030d02

rubygems

3.5.22-4.module+el8.10.0+90625+b4030d02

rubygems-devel

3.5.22-4.module+el8.10.0+90625+b4030d02

Related vulnerabilities

oracle-oval
about 1 month ago

ELSA-2025-8131: ruby security update (MODERATE)

oracle-oval
3 months ago

ELSA-2025-4493: ruby:3.3 security update (MODERATE)

oracle-oval
3 months ago

ELSA-2025-4488: ruby:3.1 security update (MODERATE)

oracle-oval
4 months ago

ELSA-2025-4063: ruby:3.1 security update (MODERATE)

CVSS3: 5.8
ubuntu
5 months ago

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.