Описание
Security update for ruby2.5
This update for ruby2.5 fixes the following issues:
- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804)
- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806)
Other fixes:
- Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773)
Список пакетов
Container bci/ruby:latest
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
Container suse/rmt-server:latest
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
Image SLES15-SP4-SAP-BYOS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
Image SLES15-SP4-SAP-BYOS-EC2
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Enterprise Storage 7.1
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Manager Proxy 4.3
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
SUSE Manager Server 4.3
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
openSUSE Leap 15.6
libruby2_5-2_5-2.5.9-150000.4.41.1
ruby2.5-2.5.9-150000.4.41.1
ruby2.5-devel-2.5.9-150000.4.41.1
ruby2.5-devel-extra-2.5.9-150000.4.41.1
ruby2.5-doc-2.5.9-150000.4.41.1
ruby2.5-doc-ri-2.5.9-150000.4.41.1
ruby2.5-stdlib-2.5.9-150000.4.41.1
Ссылки
- Link for SUSE-SU-2025:1369-1
- E-Mail link for SUSE-SU-2025:1369-1
- SUSE Security Ratings
- SUSE Bug 1230930
- SUSE Bug 1235773
- SUSE Bug 1237804
- SUSE Bug 1237806
- SUSE CVE CVE-2024-47220 page
- SUSE CVE CVE-2025-27219 page
- SUSE CVE CVE-2025-27220 page
Описание
** DISPUTED ** An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Затронутые продукты
Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.41.1
Ссылки
- CVE-2024-47220
- SUSE Bug 1230930
Описание
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
Затронутые продукты
Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.41.1
Ссылки
- CVE-2025-27219
- SUSE Bug 1237804
Описание
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
Затронутые продукты
Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.41.1
Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.41.1
Ссылки
- CVE-2025-27220
- SUSE Bug 1237806