SUSE-SU-2025:02739-2

Published: 01 Sep 2025
Source: suse-cvrf

Description

Security update for ruby2.5

This update for ruby2.5 fixes the following issues:

  • CVE-2025-6442: Fixed read_header HTTP Request Smuggling Vulnerability in WEBrick (bsc#1245254)
  • CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805)

Package list

Image SLES15-SP5-Azure-3P
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
Image SLES15-SP6
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
Image SLES15-SP6-Azure-3P
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
Image SLES15-SP6-Azure-Standard
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Enterprise Storage 7.1
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Manager Proxy 4.3
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1
SUSE Manager Server 4.3
libruby2_5-2_5-2.5.9-150000.4.46.1
ruby2.5-2.5.9-150000.4.46.1
ruby2.5-devel-2.5.9-150000.4.46.1
ruby2.5-devel-extra-2.5.9-150000.4.46.1
ruby2.5-stdlib-2.5.9-150000.4.46.1

Description

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
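
The userinfo carry-over described above can be checked and contained in application code. The following is an added example, not code from the advisory or from the URI gem; the method names, hosts and credentials are hypothetical and constructed for illustration.

```ruby
require "uri"

# Constructed sample value; host and credentials are placeholders.
BASE = "http://user:secret@internal.example/app/index"

# Resolve ref against base, dropping credentials that were inherited from
# base whenever the result points at a different host or port than base.
# Works the same on patched and unpatched URI libraries.
def join_dropping_inherited_userinfo(base, ref)
  base_uri = URI(base)
  ref_uri  = URI(ref)
  merged   = base_uri.merge(ref_uri)

  same_authority = merged.host == base_uri.host && merged.port == base_uri.port
  # Credentials given explicitly in ref are the caller's choice; only
  # credentials that came from base count as inherited.
  inherited = ref_uri.userinfo.nil? && !merged.userinfo.nil?

  if inherited && !same_authority
    merged.password = nil # clear the password first, then the user
    merged.user     = nil
  end
  merged
end

# Report whether the URI library loaded in this interpreter keeps the base
# URI's userinfo when a network-path reference changes the host.
def uri_library_retains_userinfo_on_host_change?
  !URI.join(BASE, "//other.example/path").userinfo.nil?
end

if __FILE__ == $PROGRAM_NAME
  puts "library retains userinfo on host change: " \
       "#{uri_library_retains_userinfo_on_host_change?}"
  puts join_dropping_inherited_userinfo(BASE, "//other.example/path")
  puts join_dropping_inherited_userinfo(BASE, "/admin")
end
```

The probe method returns `true` only on a URI library that still shows the behaviour; the wrapper returns a credential-free URI for cross-host references either way.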


Affected products
Image SLES15-SP5-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.46.1
Image SLES15-SP5-Azure-3P:ruby2.5-2.5.9-150000.4.46.1
Image SLES15-SP5-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.46.1
Image SLES15-SP6-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.46.1

References

Description

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.


Affected products
Image SLES15-SP5-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.46.1
Image SLES15-SP5-Azure-3P:ruby2.5-2.5.9-150000.4.46.1
Image SLES15-SP5-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.46.1
Image SLES15-SP6-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.46.1

References