
Ubuntu 25.04: Ruby Severe DoS Weakness USN-7734-1 CVE-2024-27280

ubuntu
September 4, 2025
Multiple security flaws resolved in Ruby for various Ubuntu releases, including critical updates targeting denial-of-service risks.

Summary

Several security issues were fixed in Ruby.

Software Description:

- ruby3.3: Object-oriented scripting language

- ruby3.2: Object-oriented scripting language

- ruby3.0: Object-oriented scripting language

- ruby2.7: Object-oriented scripting language

- ruby2.5: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain IO stream methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-27280)

It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-27282)

It was discovered that Ruby incorrectly handled parsing of certain XML characters through the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting i...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libruby3.3                      3.3.7-1ubuntu2.1
  ruby3.3                         3.3.7-1ubuntu2.1

Ubuntu 24.04 LTS
  libruby3.2                      3.2.3-1ubuntu0.24.04.6
  ruby3.2                         3.2.3-1ubuntu0.24.04.6

Ubuntu 22.04 LTS
  libruby3.0                      3.0.2-7ubuntu2.11
  ruby3.0                         3.0.2-7ubuntu2.11

Ubuntu 20.04 LTS
  libruby2.7                      2.7.0-5ubuntu1.18+esm1
                                  Available with Ubuntu Pro
  ruby2.7                         2.7.0-5ubuntu1.18+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libruby2.5                      2.5.1-1ubuntu1.16+esm5
                                  Available with Ubuntu Pro
  ruby2.5                         2.5.1-1ubuntu1.16+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7734-1

CVE-2024-27280, CVE-2024-27282, CVE-2024-35176, CVE-2025-24294

Severity
critical

Ubuntu Security Notice USN-7734-1
