Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora version 43 brings vital security upgrades for Ruby CVE-2026-41316

fedora
Calendar Grey July 17, 2026
Scroller Fedora
Ruby 3.4.10 is now available with critical security fixes including denial of service and arbitrary code execution.
Ruby 3.4.10 is released

Summary

Ruby is the interpreted scripting language for quick and easy

object-oriented programming. It has many features to process text

files and to do system management tasks (as in Perl). It is simple,

straight-forward, and extensible.

Update Information:

Ruby 3.4.10 is released. This new version contains severay security bug fixes in zlib, net-imap and erb..

Change Log

* Wed Jul 8 2026 Mamoru TASAKA - 3.4.10-31 - Update to Ruby 3.4.10 - Resolves: CVE-2026-41316 (rhbz#2463216) - Resolves: CVE-2026-42245 (rhbz#2484324) - Resolves: CVE-2026-42246 (rhbz#2492090) - Resolves: CVE-2026-42256 - Resolves: CVE-2026-42257 - Resolves: CVE-2026-42258 (rhbz#2487319) - Resolves: CVE-2026-47240 - Resolves: CVE-2026-47241 - Resolves: CVE-2026-47242 * Mon Jun 29 2026 Mamoru TASAKA - 3.4.9-30 - Update to Ruby 3.4.9 - Resolves: CVE-2026-27820

References


[ 1 ] Bug #2463216 - CVE-2026-41316 ruby: ERB: Arbitrary code execution via deserialization bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463216 [ 2 ] Bug #2484324 - CVE-2026-42245 ruby: Net::IMAP: Denial of Service via crafted IMAP responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484324 [ 3 ] Bug #2487319 - CVE-2026-42258 ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487319 [ 4 ] Bug #2492090 - CVE-2026-42246 ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492090

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7b7c2b373e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: ruby
Product: Fedora 43
Version: 3.4.10
Release: 31.fc43
Summary: An interpreter of object-oriented scripting language

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.