ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171247 rubygem-abrt 0.4.0-1 - Update to abrt 0.4.0. Resolves: rhbz1842476 rubygem-mysql2 0.5.5-1 - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg 1.5.4-1 - Upgrade to pg 1.5.4...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-excon (UTSA-2026-016618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016618 advisory. In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave da...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016633 advisory. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Tenable has extracted th...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016646 advisory. The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-rails (UTSA-2026-016644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016644 advisory. A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length o...

Important Photon OS Security Update - PHSA-2026-4.0-1018

Updates of 'rubygem-nokogiri' packages of Photon OS have been released...

ROS-20260513-73-0007

Vulnerability in rubygem-rack related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0003

Vulnerability in rubygem-rack related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0006

Vulnerability in rubygem-rack related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0005

An interpretation conflict vulnerability in rubygem-rack. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0009

Vulnerability in rubygem-rack related to misbehavior. Exploitation of the vulnerability could allow a remote attacker to bypass authentication and perform cross-site scripting...

ROS-20260513-73-0002

Vulnerability in rubygem-rack related to permissive regular expressions. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20260513-73-0004

Vulnerability in rubygem-rack related to permissive regular expressions. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017610 advisory. The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017658 advisory. Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017528)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017528 advisory. In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If th...

OESA-2026-2205 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVE-2026-35201 affecting package rubygem-rdiscount for versions less than 2.2.7.4-1

CVE-2026-35201 affecting package rubygem-rdiscount for versions less than 2.2.7.4-1. An upgraded version of the package is available that resolves this issue...

ROS-20260508-73-0001

Vulnerability in rubygem-activestorage related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260508-73-0002

Vulnerability in rubygem-activesupport related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...