Several security issues were fixed in Ruby.
Software Description:
- ruby3.3: Object-oriented scripting language
- ruby3.2: Object-oriented scripting language
- ruby3.0: Object-oriented scripting language
- ruby2.7: Object-oriented scripting language
Details:
It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908,
CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the
net-imap response parser. If a user or automated system were tricked into
connecting to a malicious IMAP server, a remote attacker could possibly use
this issue to consume memory, leading to a denial of service. This issue
only affected Ubuntu 24.04 LTS,...
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libruby3.3 3.3.4-2ubuntu5.2 ruby3.3 3.3.4-2ubuntu5.2 Ubuntu 24.04 LTS libruby3.2 3.2.3-1ubuntu0.24.04.5 ruby3.2 3.2.3-1ubuntu0.24.04.5 Ubuntu 22.04 LTS libruby3.0 3.0.2-7ubuntu2.10 ruby3.0 3.0.2-7ubuntu2.10 Ubuntu 20.04 LTS libruby2.7 2.7.0-5ubuntu1.18 ruby2.7 2.7.0-5ubuntu1.18 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7418-1
CVE-2024-35176, CVE-2024-39908, CVE-2024-41123, CVE-2024-43398,
CVE-2025-25186, CVE-2025-27219, CVE-2025-27220, CVE-2025-27221
Get the latest Linux and open source security news straight to your inbox.