RLSA-2025:4488

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

rexml: DoS vulnerability in REXML (CVE-2024-39908)
rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
rexml: DoS vulnerability in REXML (CVE-2024-41946)
rexml: DoS vulnerability in REXML (CVE-2024-43398)
CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)
CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)
uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:9 / ruby

Package

Name: ruby
Purl: pkg:rpm/rocky-linux/ruby?distro=rocky-linux-9&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.1.7-146.module+el9.5.0+31847+8b291b93

Rocky Linux:9 / rubygem-mysql2

Package

Name: rubygem-mysql2
Purl: pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-9&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.5.4-1.module+el9.5.0+31847+8b291b93

Rocky Linux:9 / rubygem-pg

Package

Name: rubygem-pg
Purl: pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-9&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.3.5-1.module+el9.5.0+31847+8b291b93