Several security issues were fixed in Ruby.
Software Description:
- ruby3.3: Object-oriented scripting language
- ruby3.2: Object-oriented scripting language
- ruby3.0: Object-oriented scripting language
- ruby2.7: Object-oriented scripting language
- ruby2.5: Object-oriented scripting language
Details:
It was discovered that Ruby incorrectly handled certain IO stream
methods. A remote attacker could use this issue to cause Ruby to crash,
resulting in a denial of service, or possibly obtain sensitive
information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-27280)

It was discovered that the Ruby regex compiler incorrectly handled
certain memory operations. A remote attacker could possibly use this
issue to obtain sensitive memory contents. This issue only affected
Ubuntu 18.04 LTS. (CVE-2024-27282)

It was discovered that Ruby incorrectly handled parsing of certain XML
characters through the REXML gem. An attacker could use this issue to
cause Ruby to crash, resulting i...

The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
  libruby3.3 3.3.7-1ubuntu2.1
  ruby3.3 3.3.7-1ubuntu2.1
Ubuntu 24.04 LTS
  libruby3.2 3.2.3-1ubuntu0.24.04.6
  ruby3.2 3.2.3-1ubuntu0.24.04.6
Ubuntu 22.04 LTS
  libruby3.0 3.0.2-7ubuntu2.11
  ruby3.0 3.0.2-7ubuntu2.11
Ubuntu 20.04 LTS
  libruby2.7 2.7.0-5ubuntu1.18+esm1 (Available with Ubuntu Pro)
  ruby2.7 2.7.0-5ubuntu1.18+esm1 (Available with Ubuntu Pro)
Ubuntu 18.04 LTS
  libruby2.5 2.5.1-1ubuntu1.16+esm5 (Available with Ubuntu Pro)
  ruby2.5 2.5.1-1ubuntu1.16+esm5 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7734-1
CVE-2024-27280, CVE-2024-27282, CVE-2024-35176, CVE-2025-24294
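
One way to check a package inventory against the fixed versions listed above (an added example, not part of the Ubuntu notice): it parses `dpkg-query -W` output and compares each Ruby package with the advisory's fixed version using a small reimplementation of Debian version ordering. The function names and the sample inventory are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions from the advisory's table (rubyX.Y and librubyX.Y share one version).
_V = {"3.3": "3.3.7-1ubuntu2.1", "3.2": "3.2.3-1ubuntu0.24.04.6", "3.0": "3.0.2-7ubuntu2.11",
      "2.7": "2.7.0-5ubuntu1.18+esm1", "2.5": "2.5.1-1ubuntu1.16+esm5"}
FIXED = {prefix + series: ver for series, ver in _V.items() for prefix in ("ruby", "libruby")}

def _order(c):
    # Debian ordering: '~' sorts before end-of-string (0); letters sort before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs; the first differing run decides.
    runs_a, runs_b = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        width = max(len(sa), len(sb))
        ka = ([_order(c) for c in sa] + [0] * (width - len(sa)), int(da or 0))
        kb = ([_order(c) for c in sb] + [0] * (width - len(sb)), int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1 by Debian version ordering: epoch, upstream, then revision."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(dpkg_output):
    """Map each advisory package in `dpkg-query -W` output to (installed, fixed, patched)."""
    report = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        # Multiarch names look like "libruby3.2:amd64"; keep only the package name.
        name = fields[0].split(":")[0] if len(fields) == 2 else None
        if name in FIXED:
            report[name] = (fields[1], FIXED[name], compare(fields[1], FIXED[name]) >= 0)
    return report

# Constructed sample inventory, not taken from a real host.
SAMPLE = ("libruby3.2:amd64\t3.2.3-1ubuntu0.24.04.5\nruby3.2\t3.2.3-1ubuntu0.24.04.6\n"
          "libruby2.7:amd64\t2.7.0-5ubuntu1.18\nopenssl\t3.0.13-0ubuntu3.5\n")
if __name__ == "__main__":
    for pkg, (have, need, ok) in audit(SAMPLE).items():
        print(f"{pkg}: installed {have}, fixed {need}, {'ok' if ok else 'NEEDS UPDATE'}")
```

On a live host, `dpkg --compare-versions` remains the authoritative comparison; the pure-Python ordering here is for auditing collected inventories offline.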