Fedora 42: Critical URI Leakage DoS Mitigation CVE-2025-61594 Update

fedora
November 12, 2025
Fix URI leakage and REXML DoS in Ruby for Fedora 42. See advisory for update instructions and details.
Upgrade to Ruby 3.4.7

Summary

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

Update Information:

Upgrade to Ruby 3.4.7.
Fix URI Credential Leakage Bypass previous fixes. Resolves: CVE-2025-61594
Fix REXML denial of service. Resolves: rhbz#2396204 Resolves: CVE-2025-58767

Change Log

* Fri Oct 31 2025 Jun Aruga - 3.4.7-26
- Upgrade to Ruby 3.4.7.
- Fix URI Credential Leakage Bypass previous fixes.
  Resolves: CVE-2025-61594
- Fix REXML denial of service.
  Resolves: rhbz#2396204
  Resolves: CVE-2025-58767

References


[1] Bug #2396204 - CVE-2025-58767 ruby: REXML denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2396204

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-5805ed7a8f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
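
A post-update check, added here as an example and not part of the Fedora advisory: it compares the installed `ruby` build with the fixed 3.4.7-26.fc42 listed on this page. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: verify the installed ruby build against this advisory.
FIXED_EVR="3.4.7-26.fc42"            # Version-Release listed in this advisory
ADVISORY="FEDORA-2025-5805ed7a8f"    # advisory ID from the update instructions

# evr_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# Assumption: GNU `sort -V` approximates RPM ordering for plain numeric
# version-release strings like these; it ignores epochs.
evr_at_least() {
    if [ "$1" = "$2" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# installed_ruby_evr: print the installed ruby Version-Release, fail if absent.
installed_ruby_evr() {
    # rpm reports a missing package on stdout, so rely on its exit status.
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' ruby 2>/dev/null) || return 1
    printf '%s\n' "$evr" | head -n 1
}

# ruby_status [EVR]: 0 = fixed build present, 1 = older build, 2 = not installed.
# An EVR argument replaces the rpm query (useful for inventory data).
ruby_status() {
    installed=${1:-}
    if [ -z "$installed" ]; then
        installed=$(installed_ruby_evr) || { echo "ruby: not installed"; return 2; }
    fi
    if evr_at_least "$installed" "$FIXED_EVR"; then
        echo "ruby $installed: at or above $FIXED_EVR"
        return 0
    fi
    echo "ruby $installed: below $FIXED_EVR; run: dnf upgrade --advisory $ADVISORY"
    return 1
}

# Run the check only when asked, e.g. `sh check_ruby.sh --check`.
if [ "${1:-}" = "--check" ]; then
    ruby_status
fi
```

The exit status makes the script usable from configuration management or a monitoring probe across a fleet of Fedora 42 hosts.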

Severity
important

Name: ruby
Product: Fedora 42
Version: 3.4.7
Release: 26.fc42
Summary: An interpreter of object-oriented scripting language
