OESA-2026-2578
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2578
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2578.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2578
- Upstream
- Published
- 2026-06-05T15:49:06Z
- Modified
- 2026-06-05T16:00:42.556974427Z
- Summary
- ruby security update
- Details
-
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).
Security Fix(es):
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42245)
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42246)
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42257)
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42258)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP4 / ruby
Package
- Name
- ruby
- Purl
- pkg:rpm/openEuler/ruby&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.8-138.oe2003sp4
Ecosystem specific
{
"src": [
"ruby-2.5.8-138.oe2003sp4.src.rpm"
],
"x86_64": [
"ruby-2.5.8-138.oe2003sp4.x86_64.rpm",
"ruby-debuginfo-2.5.8-138.oe2003sp4.x86_64.rpm",
"ruby-debugsource-2.5.8-138.oe2003sp4.x86_64.rpm",
"ruby-devel-2.5.8-138.oe2003sp4.x86_64.rpm",
"rubygem-bigdecimal-1.3.4-138.oe2003sp4.x86_64.rpm",
"rubygem-io-console-0.4.6-138.oe2003sp4.x86_64.rpm",
"rubygem-json-2.1.0-138.oe2003sp4.x86_64.rpm",
"rubygem-openssl-2.1.2-138.oe2003sp4.x86_64.rpm",
"rubygem-psych-3.0.2-138.oe2003sp4.x86_64.rpm"
],
"aarch64": [
"ruby-2.5.8-138.oe2003sp4.aarch64.rpm",
"ruby-debuginfo-2.5.8-138.oe2003sp4.aarch64.rpm",
"ruby-debugsource-2.5.8-138.oe2003sp4.aarch64.rpm",
"ruby-devel-2.5.8-138.oe2003sp4.aarch64.rpm",
"rubygem-bigdecimal-1.3.4-138.oe2003sp4.aarch64.rpm",
"rubygem-io-console-0.4.6-138.oe2003sp4.aarch64.rpm",
"rubygem-json-2.1.0-138.oe2003sp4.aarch64.rpm",
"rubygem-openssl-2.1.2-138.oe2003sp4.aarch64.rpm",
"rubygem-psych-3.0.2-138.oe2003sp4.aarch64.rpm"
],
"noarch": [
"ruby-help-2.5.8-138.oe2003sp4.noarch.rpm",
"ruby-irb-2.5.8-138.oe2003sp4.noarch.rpm",
"rubygem-did_you_mean-1.2.0-138.oe2003sp4.noarch.rpm",
"rubygem-minitest-5.10.3-138.oe2003sp4.noarch.rpm",
"rubygem-net-telnet-0.1.1-138.oe2003sp4.noarch.rpm",
"rubygem-power_assert-1.1.1-138.oe2003sp4.noarch.rpm",
"rubygem-rake-12.3.0-138.oe2003sp4.noarch.rpm",
"rubygem-rdoc-6.0.1.1-138.oe2003sp4.noarch.rpm",
"rubygem-test-unit-3.2.7-138.oe2003sp4.noarch.rpm",
"rubygem-xmlrpc-0.3.0-138.oe2003sp4.noarch.rpm",
"rubygems-2.7.6-138.oe2003sp4.noarch.rpm",
"rubygems-devel-2.7.6-138.oe2003sp4.noarch.rpm"
]
}
openEuler:22.03-LTS-SP4 / ruby
Package
- Name
- ruby
- Purl
- pkg:rpm/openEuler/ruby&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.3-146.oe2203sp4
Ecosystem specific
{
"src": [
"ruby-3.0.3-146.oe2203sp4.src.rpm"
],
"x86_64": [
"ruby-3.0.3-146.oe2203sp4.x86_64.rpm",
"ruby-debuginfo-3.0.3-146.oe2203sp4.x86_64.rpm",
"ruby-debugsource-3.0.3-146.oe2203sp4.x86_64.rpm",
"ruby-devel-3.0.3-146.oe2203sp4.x86_64.rpm",
"rubygem-bigdecimal-3.0.0-146.oe2203sp4.x86_64.rpm",
"rubygem-io-console-0.5.7-146.oe2203sp4.x86_64.rpm",
"rubygem-json-2.5.1-146.oe2203sp4.x86_64.rpm",
"rubygem-openssl-2.2.1-146.oe2203sp4.x86_64.rpm",
"rubygem-psych-3.3.2-146.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"ruby-3.0.3-146.oe2203sp4.aarch64.rpm",
"ruby-debuginfo-3.0.3-146.oe2203sp4.aarch64.rpm",
"ruby-debugsource-3.0.3-146.oe2203sp4.aarch64.rpm",
"ruby-devel-3.0.3-146.oe2203sp4.aarch64.rpm",
"rubygem-bigdecimal-3.0.0-146.oe2203sp4.aarch64.rpm",
"rubygem-io-console-0.5.7-146.oe2203sp4.aarch64.rpm",
"rubygem-json-2.5.1-146.oe2203sp4.aarch64.rpm",
"rubygem-openssl-2.2.1-146.oe2203sp4.aarch64.rpm",
"rubygem-psych-3.3.2-146.oe2203sp4.aarch64.rpm"
],
"noarch": [
"ruby-help-3.0.3-146.oe2203sp4.noarch.rpm",
"ruby-irb-3.0.3-146.oe2203sp4.noarch.rpm",
"rubygem-bundler-2.2.32-146.oe2203sp4.noarch.rpm",
"rubygem-did_you_mean-1.5.0-146.oe2203sp4.noarch.rpm",
"rubygem-minitest-5.14.2-146.oe2203sp4.noarch.rpm",
"rubygem-rake-13.0.3-146.oe2203sp4.noarch.rpm",
"rubygem-rbs-1.4.0-146.oe2203sp4.noarch.rpm",
"rubygem-rdoc-6.3.3-146.oe2203sp4.noarch.rpm",
"rubygem-rexml-3.2.5-146.oe2203sp4.noarch.rpm",
"rubygem-rss-0.2.9-146.oe2203sp4.noarch.rpm",
"rubygem-test-unit-3.3.7-146.oe2203sp4.noarch.rpm",
"rubygem-typeprof-0.15.2-146.oe2203sp4.noarch.rpm",
"rubygems-3.2.32-146.oe2203sp4.noarch.rpm",
"rubygems-devel-3.2.32-146.oe2203sp4.noarch.rpm"
]
}
openEuler:24.03-LTS-SP1 / ruby
Package
- Name
- ruby
- Purl
- pkg:rpm/openEuler/ruby&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.2-154.oe2403sp1
Ecosystem specific
{
"src": [
"ruby-3.2.2-154.oe2403sp1.src.rpm"
],
"x86_64": [
"ruby-3.2.2-154.oe2403sp1.x86_64.rpm",
"ruby-bundled-gems-3.2.2-154.oe2403sp1.x86_64.rpm",
"ruby-debuginfo-3.2.2-154.oe2403sp1.x86_64.rpm",
"ruby-debugsource-3.2.2-154.oe2403sp1.x86_64.rpm",
"ruby-devel-3.2.2-154.oe2403sp1.x86_64.rpm",
"rubygem-bigdecimal-3.1.3-154.oe2403sp1.x86_64.rpm",
"rubygem-io-console-0.6.0-154.oe2403sp1.x86_64.rpm",
"rubygem-json-2.6.3-154.oe2403sp1.x86_64.rpm",
"rubygem-openssl-3.1.0-154.oe2403sp1.x86_64.rpm",
"rubygem-psych-5.0.1-154.oe2403sp1.x86_64.rpm",
"rubygem-rbs-2.8.2-154.oe2403sp1.x86_64.rpm"
],
"aarch64": [
"ruby-3.2.2-154.oe2403sp1.aarch64.rpm",
"ruby-bundled-gems-3.2.2-154.oe2403sp1.aarch64.rpm",
"ruby-debuginfo-3.2.2-154.oe2403sp1.aarch64.rpm",
"ruby-debugsource-3.2.2-154.oe2403sp1.aarch64.rpm",
"ruby-devel-3.2.2-154.oe2403sp1.aarch64.rpm",
"rubygem-bigdecimal-3.1.3-154.oe2403sp1.aarch64.rpm",
"rubygem-io-console-0.6.0-154.oe2403sp1.aarch64.rpm",
"rubygem-json-2.6.3-154.oe2403sp1.aarch64.rpm",
"rubygem-openssl-3.1.0-154.oe2403sp1.aarch64.rpm",
"rubygem-psych-5.0.1-154.oe2403sp1.aarch64.rpm",
"rubygem-rbs-2.8.2-154.oe2403sp1.aarch64.rpm"
],
"noarch": [
"ruby-help-3.2.2-154.oe2403sp1.noarch.rpm",
"ruby-irb-3.2.2-154.oe2403sp1.noarch.rpm",
"rubygem-did_you_mean-1.6.3-154.oe2403sp1.noarch.rpm",
"rubygem-minitest-5.16.3-154.oe2403sp1.noarch.rpm",
"rubygem-rake-13.0.6-154.oe2403sp1.noarch.rpm",
"rubygem-rdoc-6.5.0-154.oe2403sp1.noarch.rpm",
"rubygem-rexml-3.2.5-154.oe2403sp1.noarch.rpm",
"rubygem-rss-0.2.9-154.oe2403sp1.noarch.rpm",
"rubygem-test-unit-3.5.7-154.oe2403sp1.noarch.rpm",
"rubygem-typeprof-0.21.3-154.oe2403sp1.noarch.rpm",
"rubygems-3.4.10-154.oe2403sp1.noarch.rpm",
"rubygems-devel-3.4.10-154.oe2403sp1.noarch.rpm"
]
}
openEuler:24.03-LTS-SP3 / ruby
Package
- Name
- ruby
- Purl
- pkg:rpm/openEuler/ruby&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.2-154.oe2403sp3
Ecosystem specific
{
"src": [
"ruby-3.2.2-154.oe2403sp3.src.rpm"
],
"x86_64": [
"ruby-3.2.2-154.oe2403sp3.x86_64.rpm",
"ruby-bundled-gems-3.2.2-154.oe2403sp3.x86_64.rpm",
"ruby-debuginfo-3.2.2-154.oe2403sp3.x86_64.rpm",
"ruby-debugsource-3.2.2-154.oe2403sp3.x86_64.rpm",
"ruby-devel-3.2.2-154.oe2403sp3.x86_64.rpm",
"rubygem-bigdecimal-3.1.3-154.oe2403sp3.x86_64.rpm",
"rubygem-io-console-0.6.0-154.oe2403sp3.x86_64.rpm",
"rubygem-json-2.6.3-154.oe2403sp3.x86_64.rpm",
"rubygem-openssl-3.1.0-154.oe2403sp3.x86_64.rpm",
"rubygem-psych-5.0.1-154.oe2403sp3.x86_64.rpm",
"rubygem-rbs-2.8.2-154.oe2403sp3.x86_64.rpm"
],
"aarch64": [
"ruby-3.2.2-154.oe2403sp3.aarch64.rpm",
"ruby-bundled-gems-3.2.2-154.oe2403sp3.aarch64.rpm",
"ruby-debuginfo-3.2.2-154.oe2403sp3.aarch64.rpm",
"ruby-debugsource-3.2.2-154.oe2403sp3.aarch64.rpm",
"ruby-devel-3.2.2-154.oe2403sp3.aarch64.rpm",
"rubygem-bigdecimal-3.1.3-154.oe2403sp3.aarch64.rpm",
"rubygem-io-console-0.6.0-154.oe2403sp3.aarch64.rpm",
"rubygem-json-2.6.3-154.oe2403sp3.aarch64.rpm",
"rubygem-openssl-3.1.0-154.oe2403sp3.aarch64.rpm",
"rubygem-psych-5.0.1-154.oe2403sp3.aarch64.rpm",
"rubygem-rbs-2.8.2-154.oe2403sp3.aarch64.rpm"
],
"noarch": [
"ruby-help-3.2.2-154.oe2403sp3.noarch.rpm",
"ruby-irb-3.2.2-154.oe2403sp3.noarch.rpm",
"rubygem-did_you_mean-1.6.3-154.oe2403sp3.noarch.rpm",
"rubygem-minitest-5.16.3-154.oe2403sp3.noarch.rpm",
"rubygem-rake-13.0.6-154.oe2403sp3.noarch.rpm",
"rubygem-rdoc-6.5.0-154.oe2403sp3.noarch.rpm",
"rubygem-rexml-3.2.5-154.oe2403sp3.noarch.rpm",
"rubygem-rss-0.2.9-154.oe2403sp3.noarch.rpm",
"rubygem-test-unit-3.5.7-154.oe2403sp3.noarch.rpm",
"rubygem-typeprof-0.21.3-154.oe2403sp3.noarch.rpm",
"rubygems-3.4.10-154.oe2403sp3.noarch.rpm",
"rubygems-devel-3.4.10-154.oe2403sp3.noarch.rpm"
]
}