Read Time:1 Minute, 9 Second

It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908,
CVE-2024-41123, CVE-2024-43398)

It was discovered that Ruby incorrectly handled expanding ranges in the
net-imap response parser. If a user or automated system were tricked into
connecting to a malicious IMAP server, a remote attacker could possibly use
this issue to consume memory, leading to a denial of service. This issue
only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-25186)

It was discovered that the Ruby CGI gem incorrectly handled parsing certain
cookies. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2025-27219)

It was discovered that the Ruby CGI gem incorrectly handled parsing certain
regular expressions. A remote attacker could possibly use this issue to
consume resources, leading to a denial of service. (CVE-2025-27220)

It was discovered that the Ruby URI gem incorrectly handled certain URI
handling methods. A remote attacker could possibly use this issue to leak
authentication credentials. (CVE-2025-27221)

Read More

More Stories

ruby-3.3.8-19.fc41

FEDORA-2025-60513bdbbd Packages in this update: ruby-3.3.8-19.fc41 Update description: Upgrade to Ruby 3.3.8. CVE-2025-25186: Fix Net::IMAP vulnerable to possible DoS by...

dnf-4.23.0-1.fc40.1

FEDORA-2025-21c36b3aa5 Packages in this update: dnf-4.23.0-1.fc40.1 Update description: This releases preserves enablement state of dnf-automatic.timer when upgrading to Fedora 41....