Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 44 Ruby 4.0.6 Important Denial Of Service Fixes 2026-32d5a3d450

fedora
Calendar Grey July 17, 2026
Scroller Fedora
Ruby 4.0.6 released with crucial net-snmp security fixes addressing denial of service and code execution risks.
Ruby 4.0.6 is released

Summary

Ruby is the interpreted scripting language for quick and easy

object-oriented programming. It has many features to process text

files and to do system management tasks (as in Perl). It is simple,

straight-forward, and extensible.

Update Information:

Ruby 4.0.6 is released. This new ruby contains several security fixes in net- snmp.

Change Log

* Tue Jul 14 2026 Mamoru TASAKA - 4.0.6-36 - Update to Ruby 4.0.6 Resolves: rhbz#2499884 - Resolves: CVE-2026-42245 (rhbz#2484324) - Resolves: CVE-2026-42246 (rhbz#2492090) - Resolves: CVE-2026-42256 - Resolves: CVE-2026-42257 - Resolves: CVE-2026-42258 (rhbz#2487319) - Resolves: CVE-2026-47240 (rhbz#2498917) - Resolves: CVE-2026-47241 - Resolves: CVE-2026-47242 * Sun Jun 14 2026 Mamoru TASAKA - 4.0.5-35 - Backport ruby/openssl 4.0.2 from ruby 4.0 branch to support openssl 4.0 * Fri Jun 12 2026 Yaakov Selkowitz - Rebuilt for openssl 4.0

References


[ 1 ] Bug #2463216 - CVE-2026-41316 ruby: ERB: Arbitrary code execution via deserialization bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463216 [ 2 ] Bug #2484324 - CVE-2026-42245 ruby: Net::IMAP: Denial of Service via crafted IMAP responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484324 [ 3 ] Bug #2487319 - CVE-2026-42258 ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487319 [ 4 ] Bug #2492090 - CVE-2026-42246 ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492090 [ 5 ] Bug #2498917 - CVE-2026-47240 ruby: Net::IMAP: Command injection via non-synchronizing literals [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498917 [ 6 ] Bug #2499884 - ruby-4.0.6 is available https://bugzilla.redhat.com/show_bug.cgi?...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-32d5a3d450' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ruby
Product: Fedora 44
Version: 4.0.6
Release: 36.fc44
Summary: An interpreter of object-oriented scripting language

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.