Description
Security update for ruby2.5
This update for ruby2.5 fixes the following issues:
- CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption (bsc#1246430).
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP6
libruby2_5-2_5-2.5.9-150000.4.54.1
ruby2.5-2.5.9-150000.4.54.1
ruby2.5-devel-2.5.9-150000.4.54.1
ruby2.5-devel-extra-2.5.9-150000.4.54.1
ruby2.5-stdlib-2.5.9-150000.4.54.1
openSUSE Leap 15.6
libruby2_5-2_5-2.5.9-150000.4.54.1
ruby2.5-2.5.9-150000.4.54.1
ruby2.5-devel-2.5.9-150000.4.54.1
ruby2.5-devel-extra-2.5.9-150000.4.54.1
ruby2.5-doc-2.5.9-150000.4.54.1
ruby2.5-doc-ri-2.5.9-150000.4.54.1
ruby2.5-stdlib-2.5.9-150000.4.54.1
References
- Link for SUSE-SU-2025:3776-1
- E-Mail link for SUSE-SU-2025:3776-1
- SUSE Security Ratings
- SUSE Bug 1246430
- SUSE CVE CVE-2025-24294 page
Description
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
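As an added illustration of the missing bound described above (not code from Ruby's resolv library or from its fix), this Ruby example decodes an RFC 1035 compressed name while enforcing the 255-octet limit on the decompressed result. The names `decode_name` and `NameDecodeError`, the pointer-hop cap and the sample message are assumptions made for this example.

```ruby
# Added example: bounded decoding of an RFC 1035 compressed domain name.
# Not the resolv library's code; all names here are hypothetical.
MAX_NAME_OCTETS  = 255 # RFC 1035 limit on the wire length of one domain name
MAX_POINTER_HOPS = 16  # assumption: small cap chosen for this example

class NameDecodeError < StandardError; end

# Decode the name that starts at byte `offset` of DNS message `msg`
# (a binary String). Returns [labels, offset_just_after_the_name].
def decode_name(msg, offset)
  labels = []
  total  = 1    # the terminating root label occupies one octet
  hops   = 0
  resume = nil  # where the caller continues after the first pointer
  pos    = offset
  loop do
    len = msg.getbyte(pos) or raise NameDecodeError, "truncated name"
    if len & 0xC0 == 0xC0 # compression pointer (two octets)
      low = msg.getbyte(pos + 1) or raise NameDecodeError, "truncated pointer"
      target = ((len & 0x3F) << 8) | low
      # Strictness chosen here: a pointer must refer to earlier data.
      raise NameDecodeError, "forward or self pointer" unless target < pos
      hops += 1
      raise NameDecodeError, "too many pointers" if hops > MAX_POINTER_HOPS
      resume ||= pos + 2
      pos = target
    elsif len & 0xC0 != 0
      raise NameDecodeError, "reserved label type"
    elsif len.zero?
      return [labels, resume || pos + 1]
    else
      # Count the decompressed size before copying anything: this is the
      # bound whose absence the advisory describes.
      total += len + 1
      raise NameDecodeError, "name exceeds #{MAX_NAME_OCTETS} octets" if total > MAX_NAME_OCTETS
      label = msg.byteslice(pos + 1, len)
      raise NameDecodeError, "truncated label" if label.nil? || label.bytesize < len
      labels << label
      pos += 1 + len
    end
  end
end

# Constructed sample message: 12-byte zero header, "example.com" at offset 12,
# then "www" at offset 25 followed by a pointer back to offset 12.
SAMPLE = ("\0" * 12 + "\x07example\x03com\0" + "\x03www").b + [0xC0, 12].pack("C2")
```

Both limits are needed: the hop cap bounds pointer chasing, and the octet count bounds the size of the name that pointers and labels together can produce.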
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP6:libruby2_5-2_5-2.5.9-150000.4.54.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-2.5.9-150000.4.54.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-devel-2.5.9-150000.4.54.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-devel-extra-2.5.9-150000.4.54.1
References
- CVE-2025-24294
- SUSE Bug 1246430