Description:
Net::IMAP vulnerable to possible DoS by memory exhaustion.
(CVE-2025-25186)
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in
the CGI library contains a potential Denial of Service (DoS)
vulnerability. The method does not impose any limit on the length of the
raw cookie value it processes. This oversight can lead to excessive
resource consumption when parsing extremely large cookies.
(CVE-2025-27219)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of
Service (ReDoS) vulnerability exists in the Util#escapeElement method.
(CVE-2025-27220)
In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even after
changing the host. (CVE-2025-27221)
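
For code that must keep running on a URI gem older than 1.0.3, the Ruby below is an added example, not code from this advisory or from the URI gem. It probes the installed library for the userinfo-retention behaviour and wraps URI#merge so that inherited credentials are dropped when the host or port changes. The names safe_join and uri_join_leaks_userinfo? and the .example hosts are assumptions made for illustration.

```ruby
require "uri"

# Constructed sample value; the .example hosts are placeholders.
BASE = "https://user:pass@a.example/dir/"

# Hypothetical helper, not part of the URI gem: resolve +ref+ against +base+
# and drop userinfo inherited from +base+ when the result points at a
# different host or port. Userinfo written in +ref+ itself is kept.
def safe_join(base, ref)
  base_uri = URI(base)
  ref_uri  = URI(ref)
  merged   = base_uri.merge(ref_uri)

  moved = merged.host != base_uri.host || merged.port != base_uri.port
  if moved && merged.userinfo && ref_uri.userinfo.nil?
    # Clear the password first, then the user, so no credential survives.
    merged.password = nil
    merged.user = nil
  end
  merged
end

# Behavioural probe: true when the installed URI library still carries the
# base URI's userinfo over to a new host (the CVE-2025-27221 behaviour).
def uri_join_leaks_userinfo?
  !URI.join(BASE, "//b.example/").userinfo.nil?
end

if __FILE__ == $PROGRAM_NAME
  version = defined?(URI::VERSION) ? URI::VERSION : "unknown"
  puts "URI #{version}: join retains userinfo on host change = " \
       "#{uri_join_leaks_userinfo?}"
  puts safe_join(BASE, "//b.example/path")  # credentials dropped
  puts safe_join(BASE, "file.txt")          # same host, credentials kept
end
```

The probe tests behaviour rather than a version string, so it also gives the right answer on distribution packages that carry a backported fix.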
- https://bugs.mageia.org/show_bug.cgi?id=34179
- https://ubuntu.com/security/notices/USN-7418-1
- https://www.cve.org/CVERecord?id=CVE-2025-25186
- https://www.cve.org/CVERecord?id=CVE-2025-27219
- https://www.cve.org/CVERecord?id=CVE-2025-27220
- https://www.cve.org/CVERecord?id=CVE-2025-27221
- 9/core/ruby-3.1.5-47.mga9