Description
ELSA-2025-4493: ruby:3.3 security update (MODERATE)
ruby [3.3.8-4]
- Upgrade to Ruby 3.3.8. Resolves: RHEL-86933
- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219) Resolves: RHEL-87182
- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)
Updated packages
Oracle Linux 9
Oracle Linux aarch64
Module ruby:3.3 is enabled
ruby
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-bundled-gems
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-default-gems
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-devel
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-doc
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-libs
3.3.8-4.module+el9.5.0+90562+4bc8f111
rubygem-bigdecimal
3.1.5-4.module+el9.5.0+90562+4bc8f111
rubygem-bundler
2.5.22-4.module+el9.5.0+90562+4bc8f111
rubygem-io-console
0.7.1-4.module+el9.5.0+90562+4bc8f111
rubygem-irb
1.13.1-4.module+el9.5.0+90562+4bc8f111
rubygem-json
2.7.2-4.module+el9.5.0+90562+4bc8f111
rubygem-minitest
5.20.0-4.module+el9.5.0+90562+4bc8f111
rubygem-power_assert
2.0.3-4.module+el9.5.0+90562+4bc8f111
rubygem-psych
5.1.2-4.module+el9.5.0+90562+4bc8f111
rubygem-racc
1.7.3-4.module+el9.5.0+90562+4bc8f111
rubygem-rake
13.1.0-4.module+el9.5.0+90562+4bc8f111
rubygem-rbs
3.4.0-4.module+el9.5.0+90562+4bc8f111
rubygem-rdoc
6.6.3.1-4.module+el9.5.0+90562+4bc8f111
rubygem-rexml
3.3.9-4.module+el9.5.0+90562+4bc8f111
rubygem-rss
0.3.1-4.module+el9.5.0+90562+4bc8f111
rubygem-test-unit
3.6.1-4.module+el9.5.0+90562+4bc8f111
rubygem-typeprof
0.21.9-4.module+el9.5.0+90562+4bc8f111
rubygems
3.5.22-4.module+el9.5.0+90562+4bc8f111
rubygems-devel
3.5.22-4.module+el9.5.0+90562+4bc8f111
rubygem-mysql2
0.5.5-1.module+el9.4.0+90257+8524dee7
rubygem-mysql2-doc
0.5.5-1.module+el9.4.0+90257+8524dee7
rubygem-pg
1.5.4-1.module+el9.4.0+90257+8524dee7
rubygem-pg-doc
1.5.4-1.module+el9.4.0+90257+8524dee7
Oracle Linux x86_64
Module ruby:3.3 is enabled
ruby
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-bundled-gems
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-default-gems
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-devel
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-doc
3.3.8-4.module+el9.5.0+90562+4bc8f111
ruby-libs
3.3.8-4.module+el9.5.0+90562+4bc8f111
rubygem-bigdecimal
3.1.5-4.module+el9.5.0+90562+4bc8f111
rubygem-bundler
2.5.22-4.module+el9.5.0+90562+4bc8f111
rubygem-io-console
0.7.1-4.module+el9.5.0+90562+4bc8f111
rubygem-irb
1.13.1-4.module+el9.5.0+90562+4bc8f111
rubygem-json
2.7.2-4.module+el9.5.0+90562+4bc8f111
rubygem-minitest
5.20.0-4.module+el9.5.0+90562+4bc8f111
rubygem-mysql2-doc
0.5.5-1.module+el9.4.0+90257+8524dee7
rubygem-pg
1.5.4-1.module+el9.4.0+90257+8524dee7
rubygem-pg-doc
1.5.4-1.module+el9.4.0+90257+8524dee7
rubygem-power_assert
2.0.3-4.module+el9.5.0+90562+4bc8f111
rubygem-psych
5.1.2-4.module+el9.5.0+90562+4bc8f111
rubygem-racc
1.7.3-4.module+el9.5.0+90562+4bc8f111
rubygem-rake
13.1.0-4.module+el9.5.0+90562+4bc8f111
rubygem-rbs
3.4.0-4.module+el9.5.0+90562+4bc8f111
rubygem-rdoc
6.6.3.1-4.module+el9.5.0+90562+4bc8f111
rubygem-rexml
3.3.9-4.module+el9.5.0+90562+4bc8f111
rubygem-rss
0.3.1-4.module+el9.5.0+90562+4bc8f111
rubygem-test-unit
3.6.1-4.module+el9.5.0+90562+4bc8f111
rubygem-typeprof
0.21.9-4.module+el9.5.0+90562+4bc8f111
rubygems
3.5.22-4.module+el9.5.0+90562+4bc8f111
rubygems-devel
3.5.22-4.module+el9.5.0+90562+4bc8f111
rubygem-mysql2
0.5.5-1.module+el9.4.0+90257+8524dee7
Related CVEs
Related vulnerabilities
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.