13977 matches found
openSUSE Security Advisory (SUSE-SU-2025:3776-1)
The remote host is missing an update for the...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption (bsc#1246430). Patch Instructions: To install this SUSE updat...
SUSE-SU-2025:3776-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption (bsc#1246430)...
OPENSUSE-SU-2025:15642-1 ruby3.4-rubygem-rack-2.2-2.2.20-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.20-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-6XW4-3V39-52MM vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator, ruby3.4-rails, logstash, ruby3.3-rack...
CVE-2025-61780 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator, ruby3.4-rails, logstash, ruby3.3-rack...
CVE-2025-61919 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator, ruby3.4-rails, logstash, ruby3.3-rack...
GHSA-R657-RXJC-J557 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator, ruby3.4-rails, logstash, ruby3.3-rack...
GHSA-R657-RXJC-J557 vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, logstash, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, kube-fluentd-operator...
CVE-2025-61919 vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, logstash, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, kube-fluentd-operator...
CVE-2025-61780 vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, logstash, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, kube-fluentd-operator...
ROS-20251014-01
The vulnerability in the Rack module interface of the Ruby programming language interpreter arises because the application does not properly control consumption of internal resources in the "Rack::QueryParser" function. Exploitation of the vulnerability could allow an attacker...
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary: There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
GHSA-MR3Q-G2MV-MR4Q Sinatra is vulnerable to ReDoS through ETag header value generation
Summary: There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
EUVD-2025-33767
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
OPENSUSE-SU-2025:15623-1 ruby3.4-rubygem-rack-session-2.1.1-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-session-2.1.1-1.1 package on the GA media of openSUSE Tumbleweed...
ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media (moderate)
ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15621-1. Rating: moderate. Cross-References: CVE-2025-61770, CVE-2025-61771, CVE-2025-61772. CVSS scores: CVE-2025-61770 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2025-61770 (SUSE): 8.7...
GHSA-W9PC-FMGC-VXVW vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, gitlab-cng, logstash, ruby3.3-rack...