ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 3.3.10-5 - Upgrade to Ruby 3.3.10. Resolves: RHEL-127912 - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes...

Oracle Linux 9 : ruby:3.3 (ELSA-2026-18030)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18030 advisory. - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 - Fix possible denial of service in resolv gem...

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

Astra Linux – Vulnerability in Ruby 2.5

The REXML gem before version 3.2.5 in Ruby, before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly handle XML round-trip issues. An incorrect document may be generated after parsing and serializing...

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.6 has a DoS vulnerability when it parses XMLs that contain many elements with the same local name attribute. If you need to parse untrusted XMLs using tree parser APIs like REXML::Document.new, you may be vulnerable to this...

ROOT-OS-ALPINE-318-CVE-2024-41946 CVE-2024-41946 in rootio-ruby-rexml - Patched by Root

Root has patched CVE-2024-41946 in the rootio-ruby-rexml package for Root:Alpine:3.18. Multiple fixed versions available...

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2026:1066-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1066-1 advisory. - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service...

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. CVE-2026-27820: insufficient checks in zstreambufferungets can lead to a...

SUSE-SU-2026:1066-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. - CVE-2026-27820: insufficient checks in zstreambufferungets can lead...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2026-1324)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2026-1350)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

CVE-2025-10990 Rexml: rexml: denial of service via inefficient regex parsing

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

CVE-2025-10990

CVE-2025-10990 affects REXML and describes a Regular Expression Denial of Service (ReDoS) due to inefficient regex parsing of hex numeric character references (&#x...;) in XML. This is noted as the incomplete fix of CVE-2024-49761. The provided documents do not specify affected versions or explic...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-005361)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005361 advisory. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005311 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005318 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005310 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005312 advisory. REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The...

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...