Description
ELSA-2025-23141: ruby security update (MODERATE)
[3.3.10-11]
- Upgrade to Ruby 3.3.10. Resolves: RHEL-130160
- Fix possible denial of service in resolv gem (CVE-2025-24294)
- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594)
- Fix REXML denial of service. (CVE-2025-58767) Resolves: RHEL-122028
Updated packages
Oracle Linux 10
Oracle Linux aarch64
ruby 3.3.10-11.el10_1
ruby-bundled-gems 3.3.10-11.el10_1
ruby-default-gems 3.3.10-11.el10_1
ruby-devel 3.3.10-11.el10_1
ruby-doc 3.3.10-11.el10_1
ruby-libs 3.3.10-11.el10_1
rubygem-bigdecimal 3.1.5-11.el10_1
rubygem-bundler 2.5.22-11.el10_1
rubygem-io-console 0.7.1-11.el10_1
rubygem-irb 1.13.1-11.el10_1
rubygem-json 2.7.2-11.el10_1
rubygem-minitest 5.20.0-11.el10_1
rubygem-power_assert 2.0.3-11.el10_1
rubygem-psych 5.1.2-11.el10_1
rubygem-racc 1.7.3-11.el10_1
rubygem-rake 13.1.0-11.el10_1
rubygem-rbs 3.4.0-11.el10_1
rubygem-rdoc 6.6.3.1-11.el10_1
rubygem-rexml 3.4.4-11.el10_1
rubygem-rss 0.3.1-11.el10_1
rubygem-test-unit 3.6.1-11.el10_1
rubygem-typeprof 0.21.9-11.el10_1
rubygems 3.5.22-11.el10_1
rubygems-devel 3.5.22-11.el10_1
Oracle Linux x86_64
ruby 3.3.10-11.el10_1
ruby-bundled-gems 3.3.10-11.el10_1
ruby-default-gems 3.3.10-11.el10_1
ruby-devel 3.3.10-11.el10_1
ruby-doc 3.3.10-11.el10_1
ruby-libs 3.3.10-11.el10_1
rubygem-bigdecimal 3.1.5-11.el10_1
rubygem-bundler 2.5.22-11.el10_1
rubygem-io-console 0.7.1-11.el10_1
rubygem-irb 1.13.1-11.el10_1
rubygem-json 2.7.2-11.el10_1
rubygem-minitest 5.20.0-11.el10_1
rubygem-power_assert 2.0.3-11.el10_1
rubygem-psych 5.1.2-11.el10_1
rubygem-racc 1.7.3-11.el10_1
rubygem-rake 13.1.0-11.el10_1
rubygem-rbs 3.4.0-11.el10_1
rubygem-rdoc 6.6.3.1-11.el10_1
rubygem-rexml 3.4.4-11.el10_1
rubygem-rss 0.3.1-11.el10_1
rubygem-test-unit 3.6.1-11.el10_1
rubygem-typeprof 0.21.9-11.el10_1
rubygems 3.5.22-11.el10_1
rubygems-devel 3.5.22-11.el10_1
Related CVEs
Related vulnerabilities
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
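The missing check described above, sketched as an added example; this is not the resolv gem's code or the upstream fix. It decodes a DNS name while enforcing the 255-octet name limit from RFC 1035, and also caps compression-pointer jumps, which goes beyond what the description covers. The names `decode_name`, `NameTooLong`, `MalformedName` and the value of `MAX_POINTER_JUMPS` are assumptions made for this sketch.

```ruby
MAX_NAME_OCTETS   = 255  # RFC 1035 limit on a name's wire-format length
MAX_POINTER_JUMPS = 16   # assumption: small arbitrary cap chosen for this sketch

class NameTooLong < StandardError; end
class MalformedName < StandardError; end

# msg: binary String holding a DNS message; offset: where the name starts.
# Returns [labels, offset_of_first_byte_after_the_name].
def decode_name(msg, offset)
  labels = []
  total  = 1     # the terminating root label occupies one octet
  jumps  = 0
  resume = nil   # where the caller continues after the first pointer
  loop do
    len = msg.getbyte(offset) or raise MalformedName, "truncated name"
    if (len & 0xC0) == 0xC0                    # compression pointer
      low = msg.getbyte(offset + 1) or raise MalformedName, "truncated pointer"
      resume ||= offset + 2
      jumps += 1
      raise MalformedName, "too many compression pointers" if jumps > MAX_POINTER_JUMPS
      offset = ((len & 0x3F) << 8) | low
    elsif (len & 0xC0) != 0
      raise MalformedName, "reserved label type"
    elsif len.zero?                            # root label: name is complete
      return [labels, resume || offset + 1]
    else
      # Check the running length before copying the label, so an over-long
      # name is rejected as soon as the limit is crossed.
      total += len + 1
      raise NameTooLong, "name exceeds #{MAX_NAME_OCTETS} octets" if total > MAX_NAME_OCTETS
      label = msg.byteslice(offset + 1, len)
      raise MalformedName, "truncated label" if label.nil? || label.bytesize < len
      labels << label
      offset += len + 1
    end
  end
end

# Constructed sample: "example.com" at offset 0, then "www" plus a pointer to offset 0.
SAMPLE = "\x07example\x03com\x00\x03www\xC0\x00".b
# Constructed over-long name: five 63-byte labels, 321 octets on the wire.
OVERLONG = (("\x3F" + "a" * 63) * 5 + "\x00").b
```

A parser that applies the limit only after the whole name has been assembled still does the expensive work; the check belongs inside the loop, as here.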