MGASA-2025-0290 Updated ruby packages fix security vulnerabilities

Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...

ruby:3.1 security update

ruby 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 rubygem-abrt rubygem-mysql2 rubygem-pg...

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path Traversal to Arbitrary File Read User Permissions Not Validated in ProjectExportWorker XSS Vulnerability in File API Package and File Disclosure through GitLab Workhorse XSS Vulnerability in Create Groups Issue and Merge Request Activity Counts Exposed Email Confirmation Bypa...

Gitlab -- multiple vulnerabilities

Gitlab reports: Wiki XSS Sanitize gem updates XSS in urlforparams Content injection via username Activity feed publicly displaying internal project names Persistent XSS in charts...