Description
ELSA-2025-23063: ruby:3.3 security update (MODERATE)
ruby [3.3.10-5]
- Upgrade to Ruby 3.3.10. Resolves: RHEL-127912
- Fix possible denial of service in resolv gem (CVE-2025-24294)
- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594)
- Fix REXML denial of service. (CVE-2025-58767) Resolves: RHEL-122015
rubygem-mysql2 rubygem-pg
Updated packages
Oracle Linux 9
Oracle Linux aarch64
Module ruby:3.3 is enabled
ruby
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-bundled-gems
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-default-gems
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-devel
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-doc
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-libs
3.3.10-5.module+el9.7.0+90719+1f3245a0
rubygem-bigdecimal
3.1.5-5.module+el9.7.0+90719+1f3245a0
rubygem-bundler
2.5.22-5.module+el9.7.0+90719+1f3245a0
rubygem-io-console
0.7.1-5.module+el9.7.0+90719+1f3245a0
rubygem-irb
1.13.1-5.module+el9.7.0+90719+1f3245a0
rubygem-json
2.7.2-5.module+el9.7.0+90719+1f3245a0
rubygem-minitest
5.20.0-5.module+el9.7.0+90719+1f3245a0
rubygem-mysql2
0.5.5-3.module+el9.7.0+90719+1f3245a0
rubygem-mysql2-doc
0.5.5-3.module+el9.7.0+90719+1f3245a0
rubygem-power_assert
2.0.3-5.module+el9.7.0+90719+1f3245a0
rubygem-psych
5.1.2-5.module+el9.7.0+90719+1f3245a0
rubygem-racc
1.7.3-5.module+el9.7.0+90719+1f3245a0
rubygem-rake
13.1.0-5.module+el9.7.0+90719+1f3245a0
rubygem-rbs
3.4.0-5.module+el9.7.0+90719+1f3245a0
rubygem-rdoc
6.6.3.1-5.module+el9.7.0+90719+1f3245a0
rubygem-rexml
3.4.4-5.module+el9.7.0+90719+1f3245a0
rubygem-rss
0.3.1-5.module+el9.7.0+90719+1f3245a0
rubygem-test-unit
3.6.1-5.module+el9.7.0+90719+1f3245a0
rubygem-typeprof
0.21.9-5.module+el9.7.0+90719+1f3245a0
rubygems
3.5.22-5.module+el9.7.0+90719+1f3245a0
rubygems-devel
3.5.22-5.module+el9.7.0+90719+1f3245a0
rubygem-pg
1.5.4-1.module+el9.4.0+90257+8524dee7
rubygem-pg-doc
1.5.4-1.module+el9.4.0+90257+8524dee7
Oracle Linux x86_64
Module ruby:3.3 is enabled
ruby
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-bundled-gems
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-default-gems
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-devel
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-doc
3.3.10-5.module+el9.7.0+90719+1f3245a0
ruby-libs
3.3.10-5.module+el9.7.0+90719+1f3245a0
rubygem-bigdecimal
3.1.5-5.module+el9.7.0+90719+1f3245a0
rubygem-bundler
2.5.22-5.module+el9.7.0+90719+1f3245a0
rubygem-io-console
0.7.1-5.module+el9.7.0+90719+1f3245a0
rubygem-irb
1.13.1-5.module+el9.7.0+90719+1f3245a0
rubygem-json
2.7.2-5.module+el9.7.0+90719+1f3245a0
rubygem-minitest
5.20.0-5.module+el9.7.0+90719+1f3245a0
rubygem-mysql2
0.5.5-3.module+el9.7.0+90719+1f3245a0
rubygem-mysql2-doc
0.5.5-3.module+el9.7.0+90719+1f3245a0
rubygem-pg
1.5.4-1.module+el9.4.0+90257+8524dee7
rubygem-pg-doc
1.5.4-1.module+el9.4.0+90257+8524dee7
rubygem-power_assert
2.0.3-5.module+el9.7.0+90719+1f3245a0
rubygem-psych
5.1.2-5.module+el9.7.0+90719+1f3245a0
rubygem-racc
1.7.3-5.module+el9.7.0+90719+1f3245a0
rubygem-rake
13.1.0-5.module+el9.7.0+90719+1f3245a0
rubygem-rbs
3.4.0-5.module+el9.7.0+90719+1f3245a0
rubygem-rdoc
6.6.3.1-5.module+el9.7.0+90719+1f3245a0
rubygem-rexml
3.4.4-5.module+el9.7.0+90719+1f3245a0
rubygem-rss
0.3.1-5.module+el9.7.0+90719+1f3245a0
rubygem-test-unit
3.6.1-5.module+el9.7.0+90719+1f3245a0
rubygem-typeprof
0.21.9-5.module+el9.7.0+90719+1f3245a0
rubygems
3.5.22-5.module+el9.7.0+90719+1f3245a0
rubygems-devel
3.5.22-5.module+el9.7.0+90719+1f3245a0
Related CVEs
Related vulnerabilities
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
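
The missing bound described above, shown as an added example (not code from the resolv gem or from this advisory): a DNS name decoder that caps the decompressed name at the 255-octet RFC 1035 limit and follows compression pointers only backwards. The names `decode_name`, `check_name` and the sample messages are constructed for illustration, and offsets are relative to the start of each sample rather than to a full DNS header.

```ruby
# Added example, not the resolv gem's implementation: bounded DNS name decoding.
MAX_NAME_OCTETS = 255 # RFC 1035 limit on the encoded length of a domain name

class NameTooLong < StandardError; end
class BadName < StandardError; end

# Decode the name that starts at +offset+ in the raw DNS message +msg+.
# Work is bounded: the octet budget caps the labels collected, and every
# compression pointer must target an earlier offset, so loops cannot occur.
def decode_name(msg, offset)
  labels = []
  total = 1        # the terminating root label costs one octet
  limit = offset   # a pointer must land strictly before this offset
  loop do
    len = msg.getbyte(offset) or raise BadName, "ran past end of message"
    if (len & 0xC0) == 0xC0                      # two-octet compression pointer
      low = msg.getbyte(offset + 1) or raise BadName, "truncated pointer"
      target = ((len & 0x3F) << 8) | low
      raise BadName, "pointer does not go backwards" unless target < limit
      limit = offset = target
    elsif (len & 0xC0) != 0
      raise BadName, "reserved label type"
    elsif len.zero?
      return labels
    else                                         # ordinary label, 1..63 octets
      total += 1 + len
      raise NameTooLong, "name exceeds #{MAX_NAME_OCTETS} octets" if total > MAX_NAME_OCTETS
      label = msg.byteslice(offset + 1, len)
      raise BadName, "truncated label" unless label && label.bytesize == len
      labels << label
      offset += 1 + len
    end
  end
end

# Report the outcome without raising, for use at a parsing boundary.
def check_name(msg, offset)
  [:ok, decode_name(msg, offset)]
rescue NameTooLong, BadName => e
  [:rejected, e.class]
end

# Constructed sample messages (name section only, no DNS header).
SAMPLE_OK   = ("\x07example\x03com\x00" + "\x03www\xC0\x00").b
SAMPLE_LONG = (("\x3F" + "a" * 63) * 5 + "\x00" + "\x03www\xC0\x00").b
SAMPLE_LOOP = "\xC0\x00".b

p check_name(SAMPLE_OK, 13)    # name at offset 13 points back to offset 0
p check_name(SAMPLE_LONG, 321) # expands past the 255-octet budget
p check_name(SAMPLE_LOOP, 0)   # pointer that targets itself
```

Rejecting at the octet budget stops decoding as soon as the limit is crossed, so the cost of parsing one name stays constant regardless of how the message is compressed.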