Описание
Security update for ruby2.5
This update for ruby2.5 fixes the following issues:
- CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905)
- CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930)
- CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440)
- CVE-2025-24294: Fixed denial of service (DoS) caused by an insufficient check on the length of a decompressed domain name within a DNS packet in resolv gem (bsc#1246430)
- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804)
- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806)
- CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805)
- CVE-2025-6442: Fixed ruby WEBrick read_header HTTP request smuggling vulnerability (bsc#1245254)
Список пакетов
Container bci/ruby:2
SUSE Linux Enterprise Module for Basesystem 15 SP7
Ссылки
- Link for SUSE-SU-2025:4264-1
- E-Mail link for SUSE-SU-2025:4264-1
- SUSE Security Ratings
- SUSE Bug 1225905
- SUSE Bug 1230930
- SUSE Bug 1232440
- SUSE Bug 1235773
- SUSE Bug 1237804
- SUSE Bug 1237805
- SUSE Bug 1237806
- SUSE Bug 1245254
- SUSE Bug 1246430
- SUSE CVE CVE-2024-35221 page
- SUSE CVE CVE-2024-47220 page
- SUSE CVE CVE-2024-49761 page
- SUSE CVE CVE-2025-24294 page
- SUSE CVE CVE-2025-27219 page
- SUSE CVE CVE-2025-27220 page
- SUSE CVE CVE-2025-27221 page
- SUSE CVE CVE-2025-6442 page
Описание
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.
Затронутые продукты
Ссылки
- CVE-2024-35221
- SUSE Bug 1225905
Описание
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Затронутые продукты
Ссылки
- CVE-2024-47220
- SUSE Bug 1230930
Описание
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
Затронутые продукты
Ссылки
- CVE-2024-49761
- SUSE Bug 1232440
Описание
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
Затронутые продукты
Ссылки
- CVE-2025-24294
- SUSE Bug 1246430
Описание
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
Затронутые продукты
Ссылки
- CVE-2025-27219
- SUSE Bug 1237804
Описание
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
Затронутые продукты
Ссылки
- CVE-2025-27220
- SUSE Bug 1237806
Описание
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Затронутые продукты
Ссылки
- CVE-2025-27221
- SUSE Bug 1237805
Описание
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
Затронутые продукты
Ссылки
- CVE-2025-6442
- SUSE Bug 1245252