14147 matches found

Oracle linux
added 2025/04/22 12:0 a.m. | 42 views

ruby:3.1 security update

ruby 3.1.7-145 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55408 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-57051 - Fix DoS vulnerability in REXML. CVE-2024-43398 Resolves: RHEL-56002 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 3.1.5-143 - Upgra...

CVSS 7.5 | AI score 8.5 | EPSS 0.88109 | Exploits 45

Fedora
added 2025/04/21 4:47 p.m. | 14 views

[SECURITY] Fedora 41 Update: ruby-3.3.8-19.fc41

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 7.5 | AI score 6.6 | EPSS 0.00315 | Exploits 0

Tenable Nessus
added 2025/04/21 12:0 a.m. | 13 views

Fedora 41 : ruby (2025-60513bdbbd)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-60513bdbbd advisory. Upgrade to Ruby 3.3.8. CVE-2025-25186: Fix Net::IMAP vulnerable to possible DoS by memory exhaustion Resolves: rhbz2345557 CVE-2025-27219: Denial of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00315 | Exploits 0 | References 4

Tenable Nessus
added 2025/04/21 12:0 a.m. | 11 views

Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-7442-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7442-1 advisory. It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consu...

CVSS 8.7 | AI score 7.2 | EPSS 0.01645 | Exploits 0 | References 5

Tenable Nessus
added 2025/04/20 12:0 a.m. | 24 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...

CVSS 7.5 | AI score 7.1 | EPSS 0.00315 | Exploits 0 | References 2

Tenable Nessus
added 2025/04/20 12:0 a.m. | 11 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27221)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27221 advisory. - In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent...

CVSS 5.3 | AI score 6.9 | EPSS 0.00156 | Exploits 0 | References 2

Tenable Nessus
added 2025/04/20 12:0 a.m. | 10 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27220)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27220 advisory. - In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00246 | Exploits 0 | References 2

OSV
added 2025/04/19 8:57 a.m. | 3 views

CLSA-2025-1745053071 ruby: Fix of CVE-2024-49761

CVE-2024-49761: parse XML with many digits in hex numeric character reference &#x... to fix ReDoS vulnerability in REXML...

CVSS 8.7 | AI score 5.8 | EPSS 0.01645 | Exploits 0 | References 1

CBLMariner
added 2025/04/19 12:20 a.m. | 7 views

CVE-2025-27219 affecting package ruby for versions less than 3.3.5-3

CVE-2025-27219 affecting package ruby for versions less than 3.3.5-3. A patched version of the package is available...

CVSS 7.5 | AI score 7.3 | EPSS 0.00315 | Exploits 0

CBLMariner
added 2025/04/19 12:20 a.m. | 5 views

CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3

CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3. A patched version of the package is available...

CVSS 5.3 | AI score 7.3 | EPSS 0.00156 | Exploits 0

CBLMariner
added 2025/04/19 12:20 a.m. | 6 views

CVE-2025-27220 affecting package ruby for versions less than 3.3.5-3

CVE-2025-27220 affecting package ruby for versions less than 3.3.5-3. A patched version of the package is available...

CVSS 7.5 | AI score 7.3 | EPSS 0.00246 | Exploits 0

OpenVAS
added 2025/04/18 12:0 a.m. | 8 views

Ubuntu: Security Advisory (USN-7442-1)

The remote host is missing an update for the...

CVSS 8.7 | AI score 6.7 | EPSS 0.01645 | Exploits 0 | References 2

RedhatCVE
added 2025/04/17 7:55 p.m. | 15 views

CVE-2024-46986

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

CVSS 9.9 | AI score 9.6 | EPSS 0.92294 | Exploits 2 | References 1

Ubuntu
added 2025/04/17 12:51 p.m. | 11 views

USN-7442-1: Ruby vulnerabilities

It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...

CVSS 8.7 | AI score 7.1 | EPSS 0.01645 | Exploits 0

OSV
added 2025/04/17 12:51 p.m. | 1 views

USN-7442-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...

CVSS 8.7 | AI score 6.7 | EPSS 0.01645 | Exploits 0 | References 5

Tenable Nessus
added 2025/04/17 12:0 a.m. | 12 views

Amazon Linux 2 : pcs (ALAS-2025-2822)

The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2822 advisory. Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type...

CVSS 7.5 | AI score 6.9 | EPSS 0.00668 | Exploits 0 | References 4

CBLMariner
added 2025/04/16 3:8 p.m. | 7 views

CVE-2025-25186 affecting package ruby for versions less than 3.3.5-2

CVE-2025-25186 affecting package ruby for versions less than 3.3.5-2. A patched version of the package is available...

CVSS 6.5 | AI score 7 | EPSS 0.00139 | Exploits 0

IBM Security Bulletins
added 2025/04/15 3:32 a.m. | 34 views

Security Bulletin: Vulnerability in HAProxy (CVE-2023-45539) affects IBM Watson CP4D Data Stores

Summary: A potential sensitive information disclosure vulnerability (CVE-2023-45539) has been identified related to HAProxy that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-45539...

CVSS 8.2 | AI score 6.7 | EPSS 0.00027 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/04/15 3:13 a.m. | 27 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.

Summary: There are vulnerabilities in the Ruby On Rails component used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-47887 DESCRIPTION: rails is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in HTTP Token authentication in Action...

CVSS 8.7 | AI score 6.3 | EPSS 0.00557 | Exploits 0 | Affected Software 1

Tenable Nessus
added 2025/04/15 12:0 a.m. | 9 views

RHEL 6 : ruby193-ruby (RHSA-2014:0011)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0011 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...

CVSS 6.8 | AI score 8.2 | EPSS 0.11958 | Exploits 3 | References 5