Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

RubyGems Critical DoS Vulnerabilities in Ubuntu 22.04 LTS USN-7735-1

ubuntu
Calendar Grey September 4, 2025
Dist Ubuntu Esm H88
Critical issues have been resolved in RubyGems for Ubuntu 22.04 LTS and 25.04. Prompt updates are recommended.
Several security issues were fixed in RubyGems.

Summary

Several security issues were fixed in RubyGems.

Software Description:

- rubygems: package management framework for Ruby libraries/applications

Details:

It was discovered that RubyGems incorrectly handled certain regular

expressions. An attacker could use this issue to cause RubyGems to crash,

resulting in a denial of service. This issue only affected Ubuntu 22.04

LTS. (CVE-2023-28755)

It was discovered that RubyGems incorrectly handled decompressed domain

names within a DNS packet. An attacker could use this issue to cause

RubyGems to crash, resulting in a denial of service. This issue only

affected Ubuntu 25.04. (CVE-2025-24294)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  ruby-rubygems                   3.6.3-1ubuntu0.1

Ubuntu 22.04 LTS
  ruby-rubygems                   3.3.5-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7735-1

CVE-2023-28755, CVE-2025-24294

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7735-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here