Moderate: ruby:3.1 security update

🗓️ 22 Apr 2025 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 4 Views

Moderate Ruby security update fixes DoS in REXML and CGI and leakage in URI across several CVEs.

Reporter	Title	Published	Views	Family All 716
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities	21 Oct 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software	27 Feb 202519:51	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) may affect IBM watsonx Assistant for IBM Cloud Pak for Data	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.	17 Sep 202408:56	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores	28 Jan 202521:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	15 Apr 202503:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2	9 Mar 202617:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	2 Mar 202616:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.8	29 Aug 202418:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores	28 Jan 202521:51	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	8	noarch	rubygem-irb	1.4.1-145.module_el8.10.0+3984+cf55e3df	rubygem-irb-1.4.1-145.module_el8.10.0+3984+cf55e3df.noarch.rpm
almalinux	8	i686	ruby-bundled-gems	3.1.7-145.module_el8.10.0+3984+cf55e3df	ruby-bundled-gems-3.1.7-145.module_el8.10.0+3984+cf55e3df.i686.rpm
almalinux	8	noarch	rubygem-rake	13.0.6-145.module_el8.10.0+3984+cf55e3df	rubygem-rake-13.0.6-145.module_el8.10.0+3984+cf55e3df.noarch.rpm
almalinux	8	i686	rubygem-psych	4.0.4-145.module_el8.10.0+3984+cf55e3df	rubygem-psych-4.0.4-145.module_el8.10.0+3984+cf55e3df.i686.rpm
almalinux	8	noarch	rubygem-typeprof	0.21.3-145.module_el8.10.0+3984+cf55e3df	rubygem-typeprof-0.21.3-145.module_el8.10.0+3984+cf55e3df.noarch.rpm
almalinux	8	i686	ruby	3.1.7-145.module_el8.10.0+3984+cf55e3df	ruby-3.1.7-145.module_el8.10.0+3984+cf55e3df.i686.rpm
almalinux	8	noarch	ruby-doc	3.1.7-145.module_el8.10.0+3984+cf55e3df	ruby-doc-3.1.7-145.module_el8.10.0+3984+cf55e3df.noarch.rpm
almalinux	8	noarch	ruby-default-gems	3.1.7-145.module_el8.10.0+3984+cf55e3df	ruby-default-gems-3.1.7-145.module_el8.10.0+3984+cf55e3df.noarch.rpm
almalinux	8	noarch	rubygem-abrt-doc	0.4.0-1.module_el8.10.0+3854+02eaa59a	rubygem-abrt-doc-0.4.0-1.module_el8.10.0+3854+02eaa59a.noarch.rpm
almalinux	8	noarch	rubygem-rss	0.3.1-145.module_el8.10.0+3984+cf55e3df	rubygem-rss-0.3.1-145.module_el8.10.0+3984+cf55e3df.noarch.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2025:4063
access	www.access.redhat.com/security/cve/CVE-2024-39908
access	www.access.redhat.com/security/cve/CVE-2024-41123
access	www.access.redhat.com/security/cve/CVE-2024-41946
access	www.access.redhat.com/security/cve/CVE-2024-43398
access	www.access.redhat.com/security/cve/CVE-2025-27219
access	www.access.redhat.com/security/cve/CVE-2025-27220
access	www.access.redhat.com/security/cve/CVE-2025-27221
bugzilla	www.bugzilla.redhat.com/2298243
bugzilla	www.bugzilla.redhat.com/2302268

09 Apr 2026 17:44Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.9 - 7.5

EPSS0.08335

SSVC

ruby rexml denial of service cgi vulnerability uri leakage cve 2024 39908 cve 2024 41123 cve 2024 41946 cve 2024 43398 cve 2025 27220 cve 2025 27219 cve 2025 27221