Alerts This Week
Warning Icon 1 1,053
Alerts This Week
Warning Icon 1 1,053

Oracle Linux 9 ELSA-2026-18030 ruby 3.3 Important Code Exec DoS

oracle
Calendar Grey May 20, 2026
Oracle Linux Logo Esm H88
Oracle Linux 9 updates for ruby 3.3 address critical threats like DoS and arbitrary code execution with patches.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

ruby [3.3.10-6] - Fix arbitrary code execution via deserialization bypass in ERB. (CVE-2026-41316) Resolves: RHEL-171255 [3.3.10-5] - Upgrade to Ruby 3.3.10. Resolves: RHEL-127912 - Fix possible denial of service in resolv gem (CVE-2025-24294) - Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594) - Fix REXML denial of service. (CVE-2025-58767) Resolves: RHEL-122015 [3.3.8-4] - Upgrade to Ruby 3.3.8. Resolves: RHEL-68631 - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186) - Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219) Resolves: RHEL-86109 - Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221) [3.3.5-3] - Upgrade to Ruby 3.3.5 Resolves: RHEL-55411 - Fix DoS vulnerability in rexml. (CVE-2024-39908) (CVE-2024-41946) (CVE-2024-43398) Resolves: RHEL-57575 Resolves: RHEL-57572 Resolves: RHEL-57068 - Fix REXML DoS when parsing an XML having many specific characters such as ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service arbitrary code execution important ruby Oracle

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates/ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/rubygem-mysql2-0.5.5-3.module+el9.7.0+90894+66578cbb.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/rubygem-pg-1.5.4-2.module+el9.7.0+90894+66578cbb.src.rpm

x86_64

ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm ruby-bundled-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm ruby-bundled-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm ruby-default-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm ruby-devel-3.3.10-6.module+el9.7.0+90894+66578cbb.i686.rpm ruby-devel-3.3.10-6.module+el9.7.0+90894+66578cbb.x86_64.rpm ruby-doc-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-bigdecimal-3.1.5-6.module+el9.7.0+90894+66578cbb.i686.rpm rubygem-bigdecimal-3.1.5-6.module+el9.7.0+90894+66578cbb.x86_64.rpm rubygem-bundler-2.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-io-console-0.7.1-6.module+el9.7.0+90894+66578cbb.i686.rpm rubygem-io-console-0.7.1-6.module+el9.7.0+90894+66578cbb.x86_64.rpm rubygem-irb-1.13.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-json-2.7.2-6.module+el9.7.0+90894+66578cbb.i686.rpm rubygem-json-2.7.2-6.module+el9.7.0+90894+66578cbb.x...

Read the Full Advisory

aarch64

ruby-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm ruby-bundled-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm ruby-default-gems-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm ruby-devel-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm ruby-doc-3.3.10-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-bigdecimal-3.1.5-6.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-bundler-2.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-io-console-0.7.1-6.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-irb-1.13.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-json-2.7.2-6.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-minitest-5.20.0-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-mysql2-0.5.5-3.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-mysql2-doc-0.5.5-3.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-pg-1.5.4-2.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-pg-doc-1.5.4-2.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-power_assert-2.0.3-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-psych-5.1.2-6.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-racc-1.7.3-6.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-rake-13.1.0-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-rbs-3.4.0-6.module+el9.7.0+90894+66578cbb.aarch64.rpm rubygem-rdoc-6.6.3.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-rexml-3.4.4-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-rss-0.3.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygems-3.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygems-devel-3.5.22-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-test-unit-3.6.1-6.module+el9.7.0+90894+66578cbb.noarch.rpm rubygem-typeprof-0.21.9-6.module+el9.7.0+90894+66578cbb.noarch.rpm ruby-libs-3.3.10-6.module+el9.7.0+90894+66578cbb.aarch64.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2026-41316

Topics%20covered

Topics Covered

security advisory denial of service arbitrary code execution important ruby Oracle

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here