
RLSA-2025:8131

Published: 03 Oct 2025
Source: rocky
Rating: Moderate

Description

Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186)

  • CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)

  • uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 10

Name                 Architecture  Release    RPM
ruby                 x86_64        10.el10_0  ruby-3.3.8-10.el10_0.x86_64.rpm
ruby-bundled-gems    x86_64        10.el10_0  ruby-bundled-gems-3.3.8-10.el10_0.x86_64.rpm
ruby-default-gems    noarch        10.el10_0  ruby-default-gems-3.3.8-10.el10_0.noarch.rpm
ruby-devel           x86_64        10.el10_0  ruby-devel-3.3.8-10.el10_0.x86_64.rpm
rubygem-bigdecimal   x86_64        10.el10_0  rubygem-bigdecimal-3.1.5-10.el10_0.x86_64.rpm
rubygem-bundler      noarch        10.el10_0  rubygem-bundler-2.5.22-10.el10_0.noarch.rpm
rubygem-io-console   x86_64        10.el10_0  rubygem-io-console-0.7.1-10.el10_0.x86_64.rpm
rubygem-irb          noarch        10.el10_0  rubygem-irb-1.13.1-10.el10_0.noarch.rpm
rubygem-json         x86_64        10.el10_0  rubygem-json-2.7.2-10.el10_0.x86_64.rpm
rubygem-minitest     noarch        10.el10_0  rubygem-minitest-5.20.0-10.el10_0.noarch.rpm


Related vulnerabilities

oracle-oval
4 months ago

ELSA-2025-8131: ruby security update (MODERATE)

oracle-oval
6 months ago

ELSA-2025-4493: ruby:3.3 security update (MODERATE)

oracle-oval
4 months ago

ELSA-2025-10217: ruby:3.3 security update (MODERATE)

CVSS3: 6.5
ubuntu
9 months ago

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.
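A constructed illustration of the parser weakness the entry above describes, added here as an example and not code from net-imap, Rocky Linux or the advisory authors: a toy uid-set parser that expands ranges with `Range#to_a` beside a version that sizes the set arithmetically and rejects oversized ones before allocating anything. `MAX_EXPANDED`, the function names and the sample inputs are assumptions; the IMAP `*` wildcard is not handled.

```ruby
# Toy parser for the IMAP "uid-set" grammar, e.g. "1:4,7,9:11" (constructed
# example; not the net-imap implementation). The "*" wildcard is not handled.

MAX_EXPANDED = 10_000  # assumption: cap on how many UIDs a set may expand to

class UidSetTooLarge < StandardError; end

# Parse one "a" or "a:b" part into a normalized [lo, hi] pair.
def parse_uid_range(part)
  a, b = part.split(":", 2).map { |s| Integer(s, 10) }
  b ||= a
  a, b = b, a if a > b                      # IMAP allows "hi:lo"; normalize
  raise ArgumentError, "uid must be >= 1" if a < 1
  [a, b]
end

# Unbounded expansion, the shape of the weakness in CVE-2025-25186:
# a short string such as "1:4294967295" would materialize ~4e9 Integers.
def expand_uid_set_unbounded(str)
  str.split(",").flat_map { |part| (a, b = parse_uid_range(part); (a..b).to_a) }
end

# Size of the expanded set computed in O(1) per range, with no allocation.
def uid_set_size(str)
  str.split(",").sum { |part| (a, b = parse_uid_range(part); b - a + 1) }
end

# Bounded version: measure first, refuse sets over the cap, only then expand.
def expand_uid_set_bounded(str, max: MAX_EXPANDED)
  total = uid_set_size(str)
  raise UidSetTooLarge, "#{total} uids exceeds cap #{max}" if total > max
  str.split(",").flat_map { |part| (a, b = parse_uid_range(part); (a..b).to_a) }
end
```

`uid_set_size` is the check a receiver thread should run on untrusted server data before any `Range#to_a`; the cap itself is a policy decision for the client.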

CVSS3: 6.5
redhat
9 months ago
