Explore top 10 tips to secure your open-source projects now. Read More
×
Ruby 4.0.6 is released. This new ruby contains several security fixes in net- snmp.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-32d5a3d450 2026-07-18 00:26:14.273071+00:00 -------------------------------------------------------------------------------- Name : ruby Product : Fedora 44 Version : 4.0.6 Release : 36.fc44 URL : https://www.ruby-lang.org/ Summary : An interpreter of object-oriented scripting language Description : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. -------------------------------------------------------------------------------- Update Information: Ruby 4.0.6 is released. This new ruby contains several security fixes in net- snmp. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Mamoru TASAKA - 4.0.6-36 - Update to Ruby 4.0.6 Resolves: rhbz#2499884 - Resolves: CVE-2026-42245 (rhbz#2484324) - Resolves: CVE-2026-42246 (rhbz#2492090) - Resolves: CVE-2026-42256 - Resolves: CVE-2026-42257 - Resolves: CVE-2026-42258 (rhbz#2487319) - Resolves: CVE-2026-47240 (rhbz#2498917) - Resolves: CVE-2026-47241 - Resolves: CVE-2026-47242 * Sun Jun 14 2026 Mamoru TASAKA - 4.0.5-35 - Backport ruby/openssl 4.0.2 from ruby 4.0 branch to support openssl 4.0 * Fri Jun 12 2026 Yaakov Selkowitz - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2463216 - CVE-2026-41316 ruby: ERB: Arbitrary code execution via deserialization bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463216 [ 2 ] Bug #2484324 - CVE-2026-42245 ruby: Net::IMAP: Denial of Service via crafted IMAP responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484324 [ 3 ] Bug #2487319 - CVE-2026-42258 ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487319 [ 4 ] Bug #2492090 - CVE-2026-42246 ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492090 [ 5 ] Bug #2498917 - CVE-2026-47240 ruby: Net::IMAP: Command injection via non-synchronizing literals [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498917 [ 6 ] Bug #2499884 - ruby-4.0.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2499884 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-32d5a3d450' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-33515 http://linux.oracle.com/errata/ELSA-2026-33515.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm ruby-bundled-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-bundled-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm ruby-default-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-devel-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-devel-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm ruby-doc-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-bigdecimal-3.1.5-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-bigdecimal-3.1.5-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-bundler-2.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-io-console-0.7.1-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-io-console-0.7.1-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-irb-1.13.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-json-2.7.2-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-json-2.7.2-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-minitest-5.20.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-power_assert-2.0.3-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-psych-5.1.2-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-psych-5.1.2-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-racc-1.7.3-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-racc-1.7.3-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-rake-13.1.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rbs-3.4.0-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-rbs-3.4.0-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-rdoc-6.6.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rexml-3.4.4-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rss-0.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-devel-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-test-unit-3.6.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-typeprof-0.21.9-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-libs-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-libs-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm aarch64: ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm ruby-bundled-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm ruby-default-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-devel-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm ruby-doc-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-bigdecimal-3.1.5-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-bundler-2.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-io-console-0.7.1-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-irb-1.13.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-json-2.7.2-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-minitest-5.20.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-power_assert-2.0.3-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-psych-5.1.2-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-racc-1.7.3-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-rake-13.1.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rbs-3.4.0-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-rdoc-6.6.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rexml-3.4.4-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rss-0.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-devel-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-test-unit-3.6.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-typeprof-0.21.9-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-libs-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.src.rpm Related CVEs: CVE-2026-42245 CVE-2026-42246 CVE-2026-42258 Description of changes: ruby [3.3.10-7] - Fix DoS via crafted IMAP responses in net-imap. (CVE-2026-42245) Resolves: RHEL-181682 - Fix information disclosure via MITM attack bypassing TLS in net-imap. (CVE-2026-42246) Resolves: RHEL-181759 - Fix command injection via Symbol arguments in net-imap. (CVE-2026-42258) Resolves: RHEL-181791 rubygem-abrt [0.4.0-1] - Update to abrt 0.4.0. Resolves: rhbz#1842476 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17090 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-20596 http://linux.oracle.com/errata/ELSA-2026-20596.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ruby-4.0.3-32.module+el9.8.0+90929+122d8796.i686.rpm ruby-4.0.3-32.module+el9.8.0+90929+122d8796.x86_64.rpm ruby-bundled-gems-4.0.3-32.module+el9.8.0+90929+122d8796.i686.rpm ruby-bundled-gems-4.0.3-32.module+el9.8.0+90929+122d8796.x86_64.rpm ruby-default-gems-4.0.3-32.module+el9.8.0+90929+122d8796.noarch.rpm ruby-devel-4.0.3-32.module+el9.8.0+90929+122d8796.i686.rpm ruby-devel-4.0.3-32.module+el9.8.0+90929+122d8796.x86_64.rpm ruby-doc-4.0.3-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-bigdecimal-4.0.1-32.module+el9.8.0+90929+122d8796.i686.rpm rubygem-bigdecimal-4.0.1-32.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-bundler-4.0.6-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-io-console-0.8.2-32.module+el9.8.0+90929+122d8796.i686.rpm rubygem-io-console-0.8.2-32.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-irb-1.16.0-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-json-2.18.0-32.module+el9.8.0+90929+122d8796.i686.rpm rubygem-json-2.18.0-32.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-minitest-6.0.0-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-mysql2-0.5.7-1.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-mysql2-doc-0.5.7-1.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-pg-1.6.3-1.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-pg-doc-1.6.3-1.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-power_assert-3.0.1-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-psych-5.3.1-32.module+el9.8.0+90929+122d8796.i686.rpm rubygem-psych-5.3.1-32.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-racc-1.8.1-32.module+el9.8.0+90929+122d8796.i686.rpm rubygem-racc-1.8.1-32.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-rake-13.3.1-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-rbs-3.10.0-32.module+el9.8.0+90929+122d8796.i686.rpm rubygem-rbs-3.10.0-32.module+el9.8.0+90929+122d8796.x86_64.rpm rubygem-rdoc-7.0.3-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-rexml-3.4.4-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-rss-0.3.2-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygems-4.0.6-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygems-devel-4.0.6-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-test-unit-3.7.5-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-typeprof-0.31.1-32.module+el9.8.0+90929+122d8796.noarch.rpm ruby-libs-4.0.3-32.module+el9.8.0+90929+122d8796.i686.rpm ruby-libs-4.0.3-32.module+el9.8.0+90929+122d8796.x86_64.rpm aarch64: ruby-4.0.3-32.module+el9.8.0+90929+122d8796.aarch64.rpm ruby-bundled-gems-4.0.3-32.module+el9.8.0+90929+122d8796.aarch64.rpm ruby-default-gems-4.0.3-32.module+el9.8.0+90929+122d8796.noarch.rpm ruby-devel-4.0.3-32.module+el9.8.0+90929+122d8796.aarch64.rpm ruby-doc-4.0.3-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-bigdecimal-4.0.1-32.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-bundler-4.0.6-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-io-console-0.8.2-32.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-irb-1.16.0-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-json-2.18.0-32.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-minitest-6.0.0-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-mysql2-0.5.7-1.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-mysql2-doc-0.5.7-1.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-pg-1.6.3-1.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-pg-doc-1.6.3-1.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-power_assert-3.0.1-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-psych-5.3.1-32.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-racc-1.8.1-32.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-rake-13.3.1-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-rbs-3.10.0-32.module+el9.8.0+90929+122d8796.aarch64.rpm rubygem-rdoc-7.0.3-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-rexml-3.4.4-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-rss-0.3.2-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygems-4.0.6-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygems-devel-4.0.6-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-test-unit-3.7.5-32.module+el9.8.0+90929+122d8796.noarch.rpm rubygem-typeprof-0.31.1-32.module+el9.8.0+90929+122d8796.noarch.rpm ruby-libs-4.0.3-32.module+el9.8.0+90929+122d8796.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/ruby-4.0.3-32.module+el9.8.0+90929+122d8796.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/rubygem-mysql2-0.5.7-1.module+el9.8.0+90929+122d8796.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/rubygem-pg-1.6.3-1.module+el9.8.0+90929+122d8796.src.rpm Related CVEs: CVE-2026-33210 CVE-2026-41316 Description of changes: ruby [4.0.3-32] - Upgrade to Ruby 4.0.3. Resolves: RHEL-171933 - Fix ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316) Resolves: RHEL-171258 - Fix JSON: Denial of Service or Information Disclosure via format string injection (CVE-2026-33210) Resolves: RHEL-173458 rubygem-mysql2 [0.5.7-1] - Upgrade to mysql2 0.5.7. Related: RHEL-142278 rubygem-pg [1.6.3-1] - Upgrade to pg 1.6.3 Related: RHEL-142278 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-33514 http://linux.oracle.com/errata/ELSA-2026-33514.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ruby-2.5.9-114.module+el8.10.0+90940+f98fa8f0.i686.rpm ruby-2.5.9-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm ruby-devel-2.5.9-114.module+el8.10.0+90940+f98fa8f0.i686.rpm ruby-devel-2.5.9-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm ruby-doc-2.5.9-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-abrt-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm rubygem-abrt-doc-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm rubygem-bigdecimal-1.3.4-114.module+el8.10.0+90940+f98fa8f0.i686.rpm rubygem-bigdecimal-1.3.4-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.x86_64.rpm rubygem-bson-doc-4.3.0-2.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-bundler-1.16.1-5.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-bundler-doc-1.16.1-5.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-did_you_mean-1.2.0-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-io-console-0.4.6-114.module+el8.10.0+90940+f98fa8f0.i686.rpm rubygem-io-console-0.4.6-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm rubygem-json-2.1.0-114.module+el8.10.0+90940+f98fa8f0.i686.rpm rubygem-json-2.1.0-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm rubygem-minitest-5.10.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-mongo-doc-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.x86_64.rpm rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-net-telnet-0.1.1-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-openssl-2.1.2-114.module+el8.10.0+90940+f98fa8f0.i686.rpm rubygem-openssl-2.1.2-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.x86_64.rpm rubygem-pg-doc-1.0.0-3.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-power_assert-1.1.1-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-psych-3.0.2-114.module+el8.10.0+90940+f98fa8f0.i686.rpm rubygem-psych-3.0.2-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm rubygem-rake-12.3.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-rdoc-6.0.1.1-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygems-2.7.6.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygems-devel-2.7.6.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-test-unit-3.2.7-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-xmlrpc-0.3.0-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm ruby-irb-2.5.9-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm ruby-libs-2.5.9-114.module+el8.10.0+90940+f98fa8f0.i686.rpm ruby-libs-2.5.9-114.module+el8.10.0+90940+f98fa8f0.x86_64.rpm aarch64: ruby-2.5.9-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm ruby-devel-2.5.9-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm ruby-doc-2.5.9-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-abrt-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm rubygem-abrt-doc-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm rubygem-bigdecimal-1.3.4-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.aarch64.rpm rubygem-bson-doc-4.3.0-2.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-bundler-1.16.1-5.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-bundler-doc-1.16.1-5.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-did_you_mean-1.2.0-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-io-console-0.4.6-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm rubygem-json-2.1.0-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm rubygem-minitest-5.10.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-mongo-doc-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.aarch64.rpm rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-net-telnet-0.1.1-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-openssl-2.1.2-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.aarch64.rpm rubygem-pg-doc-1.0.0-3.module+el8.9.0+90042+a65659a6.noarch.rpm rubygem-power_assert-1.1.1-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-psych-3.0.2-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm rubygem-rake-12.3.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-rdoc-6.0.1.1-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygems-2.7.6.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygems-devel-2.7.6.3-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-test-unit-3.2.7-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm rubygem-xmlrpc-0.3.0-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm ruby-irb-2.5.9-114.module+el8.10.0+90940+f98fa8f0.noarch.rpm ruby-libs-2.5.9-114.module+el8.10.0+90940+f98fa8f0.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/ruby-2.5.9-114.module+el8.10.0+90940+f98fa8f0.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-abrt-0.3.0-4.module+el8.10.0+90367+ae9e8511.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-bundler-1.16.1-5.module+el8.10.0+90940+f98fa8f0.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.src.rpm Related CVEs: CVE-2026-42246 CVE-2026-42258 Description of changes: ruby [2.5.9-114] - Fix integer overflow in search_in_range function in regexec.c (CVE-2019-19012). Resolves: RHEL-87505 rubygem-abrt [0.3.0-4] - Execute test suite unconditionally. - Upload correct sources. rubygem-bson [4.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild rubygem-bundler [1.16.1-5] - Fix unexpected code execution in Gemfiles (CVE-2021-43809) Resolves: RHEL-87017 rubygem-mongo [2.5.1-2] - Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz#1710863 rubygem-mysql2 [0.4.10-4] - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild rubygem-pg [1.0.0-3] - Fix FTBFS with PostgreSQL 10.6 and above." -s " ruby:2.5 security update" _______________________________________________ El-errata mailing list
Important: ruby security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:33565", "synopsis": "Important: ruby security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for ruby.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)\n\n* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)\n\n* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2468495", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468495", "description": ""}, {"ticket": "2468499", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499", "description": ""}, {"ticket": "2468498", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498", "description": ""}], "cves": [{"name": "CVE-2026-42245", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42245", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-606"}, {"name": "CVE-2026-42246", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42246", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore":"7.4", "cwe": "CWE-325"}, {"name": "CVE-2026-42258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-93"}], "references": [], "publishedAt": "2026-07-05T12:05:09.130757Z", "rpms": {"Rocky Linux 10": {"nvras": ["rubygem-irb-0:1.13.1-13.el10_2.noarch.rpm", "ruby-devel-0:3.3.10-13.el10_2.ppc64le.rpm", "rubygem-psych-0:5.1.2-13.el10_2.ppc64le.rpm", "rubygem-io-console-debuginfo-0:0.7.1-13.el10_2.s390x.rpm", "rubygem-io-console-0:0.7.1-13.el10_2.aarch64.rpm", "rubygem-rake-0:13.1.0-13.el10_2.noarch.rpm", "ruby-0:3.3.10-13.el10_2.x86_64.rpm", "rubygem-io-console-0:0.7.1-13.el10_2.ppc64le.rpm", "rubygem-bigdecimal-debuginfo-0:3.1.5-13.el10_2.x86_64.rpm", "ruby-0:3.3.10-13.el10_2.ppc64le.rpm", "rubygem-rbs-0:3.4.0-13.el10_2.x86_64.rpm", "rubygems-devel-0:3.5.22-13.el10_2.noarch.rpm", "rubygem-json-debuginfo-0:2.7.2-13.el10_2.aarch64.rpm", "rubygem-json-0:2.7.2-13.el10_2.aarch64.rpm", "ruby-libs-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-rexml-0:3.4.4-13.el10_2.noarch.rpm", "ruby-bundled-gems-0:3.3.10-13.el10_2.ppc64le.rpm", "ruby-0:3.3.10-13.el10_2.src.rpm", "ruby-libs-debuginfo-0:3.3.10-13.el10_2.x86_64.rpm", "ruby-libs-debuginfo-0:3.3.10-13.el10_2.s390x.rpm", "rubygem-bigdecimal-0:3.1.5-13.el10_2.ppc64le.rpm", "rubygems-0:3.5.22-13.el10_2.noarch.rpm", "ruby-libs-debuginfo-0:3.3.10-13.el10_2.ppc64le.rpm", "rubygem-io-console-debuginfo-0:0.7.1-13.el10_2.x86_64.rpm", "rubygem-rbs-debuginfo-0:3.4.0-13.el10_2.ppc64le.rpm", "rubygem-io-console-debuginfo-0:0.7.1-13.el10_2.ppc64le.rpm", "rubygem-json-debuginfo-0:2.7.2-13.el10_2.ppc64le.rpm", "rubygem-rbs-0:3.4.0-13.el10_2.s390x.rpm", "ruby-debuginfo-0:3.3.10-13.el10_2.s390x.rpm", "rubygem-test-unit-0:3.6.1-13.el10_2.noarch.rpm", "rubygem-psych-debuginfo-0:5.1.2-13.el10_2.aarch64.rpm", "rubygem-psych-0:5.1.2-13.el10_2.s390x.rpm", "rubygem-rbs-0:3.4.0-13.el10_2.aarch64.rpm","rubygem-io-console-debuginfo-0:0.7.1-13.el10_2.aarch64.rpm", "rubygem-json-debuginfo-0:2.7.2-13.el10_2.x86_64.rpm", "ruby-doc-0:3.3.10-13.el10_2.noarch.rpm", "rubygem-io-console-0:0.7.1-13.el10_2.s390x.rpm", "ruby-debuginfo-0:3.3.10-13.el10_2.ppc64le.rpm", "ruby-bundled-gems-0:3.3.10-13.el10_2.s390x.rpm", "ruby-bundled-gems-0:3.3.10-13.el10_2.x86_64.rpm", "ruby-0:3.3.10-13.el10_2.s390x.rpm", "rubygem-typeprof-0:0.21.9-13.el10_2.noarch.rpm", "ruby-libs-debuginfo-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-json-0:2.7.2-13.el10_2.x86_64.rpm", "ruby-devel-0:3.3.10-13.el10_2.x86_64.rpm", "ruby-default-gems-0:3.3.10-13.el10_2.noarch.rpm", "rubygem-bigdecimal-debuginfo-0:3.1.5-13.el10_2.s390x.rpm", "ruby-devel-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-bigdecimal-0:3.1.5-13.el10_2.aarch64.rpm", "rubygem-bigdecimal-debuginfo-0:3.1.5-13.el10_2.aarch64.rpm", "rubygem-rbs-debuginfo-0:3.4.0-13.el10_2.aarch64.rpm", "rubygem-io-console-0:0.7.1-13.el10_2.x86_64.rpm", "rubygem-minitest-0:5.20.0-13.el10_2.noarch.rpm", "ruby-libs-0:3.3.10-13.el10_2.s390x.rpm", "ruby-bundled-gems-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-rdoc-0:6.6.3.1-13.el10_2.noarch.rpm", "rubygem-psych-debuginfo-0:5.1.2-13.el10_2.s390x.rpm", "ruby-bundled-gems-debuginfo-0:3.3.10-13.el10_2.ppc64le.rpm", "ruby-debugsource-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-bigdecimal-0:3.1.5-13.el10_2.s390x.rpm", "ruby-debugsource-0:3.3.10-13.el10_2.x86_64.rpm", "rubygem-power_assert-0:2.0.3-13.el10_2.noarch.rpm", "ruby-bundled-gems-debuginfo-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-rbs-0:3.4.0-13.el10_2.ppc64le.rpm", "ruby-debuginfo-0:3.3.10-13.el10_2.x86_64.rpm", "ruby-0:3.3.10-13.el10_2.aarch64.rpm", "rubygem-json-debuginfo-0:2.7.2-13.el10_2.s390x.rpm", "rubygem-rss-0:0.3.1-13.el10_2.noarch.rpm", "rubygem-psych-0:5.1.2-13.el10_2.aarch64.rpm", "rubygem-psych-0:5.1.2-13.el10_2.x86_64.rpm", "rubygem-json-0:2.7.2-13.el10_2.ppc64le.rpm", "ruby-bundled-gems-debuginfo-0:3.3.10-13.el10_2.x86_64.rpm", "rubygem-json-0:2.7.2-13.el10_2.s390x.rpm","rubygem-psych-debuginfo-0:5.1.2-13.el10_2.ppc64le.rpm", "ruby-libs-0:3.3.10-13.el10_2.x86_64.rpm", "rubygem-rbs-debuginfo-0:3.4.0-13.el10_2.x86_64.rpm", "rubygem-bigdecimal-debuginfo-0:3.1.5-13.el10_2.ppc64le.rpm", "ruby-debugsource-0:3.3.10-13.el10_2.ppc64le.rpm", "ruby-devel-0:3.3.10-13.el10_2.s390x.rpm", "rubygem-bigdecimal-0:3.1.5-13.el10_2.x86_64.rpm", "ruby-bundled-gems-debuginfo-0:3.3.10-13.el10_2.s390x.rpm", "ruby-libs-0:3.3.10-13.el10_2.ppc64le.rpm", "rubygem-rbs-debuginfo-0:3.4.0-13.el10_2.s390x.rpm", "rubygem-bundler-0:2.5.22-13.el10_2.noarch.rpm", "rubygem-psych-debuginfo-0:5.1.2-13.el10_2.x86_64.rpm", "ruby-debugsource-0:3.3.10-13.el10_2.s390x.rpm", "ruby-debuginfo-0:3.3.10-13.el10_2.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Ruby update address multiple security threats in Rocky Linux, highlighting denial of service and command injection risks. Stay secure!. Rocky Linux Ruby Security Update Denial of Service Command Injection. . Severity: Important. LinuxSecurity.com Team
Important: ruby:4.0 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:33577", "synopsis": "Important: ruby:4.0 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-pg.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)\n\n* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)\n\n* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2468495", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468495", "description": ""}, {"ticket": "2468498", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498", "description": ""}, {"ticket": "2468499", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499", "description": ""}], "cves": [{"name": "CVE-2026-42245", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42245", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-606"}, {"name": "CVE-2026-42246", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42246","cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.4", "cwe": "CWE-325"}, {"name": "CVE-2026-42258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-93"}], "references": [], "publishedAt": "2026-07-01T06:01:39.210690Z", "rpms": {"Rocky Linux 9": {"nvras": ["rubygem-mysql2-0:0.5.7-1.module+el9.8.0+40094+ce01217c.aarch64.rpm", "rubygem-mysql2-0:0.5.7-1.module+el9.8.0+40094+ce01217c.ppc64le.rpm", "rubygem-mysql2-0:0.5.7-1.module+el9.8.0+40094+ce01217c.s390x.rpm", "rubygem-mysql2-0:0.5.7-1.module+el9.8.0+40094+ce01217c.src.rpm", "rubygem-mysql2-0:0.5.7-1.module+el9.8.0+40094+ce01217c.x86_64.rpm", "rubygem-mysql2-debuginfo-0:0.5.7-1.module+el9.8.0+40094+ce01217c.aarch64.rpm", "rubygem-mysql2-debuginfo-0:0.5.7-1.module+el9.8.0+40094+ce01217c.ppc64le.rpm", "rubygem-mysql2-debuginfo-0:0.5.7-1.module+el9.8.0+40094+ce01217c.s390x.rpm", "rubygem-mysql2-debuginfo-0:0.5.7-1.module+el9.8.0+40094+ce01217c.x86_64.rpm", "rubygem-mysql2-debugsource-0:0.5.7-1.module+el9.8.0+40094+ce01217c.aarch64.rpm", "rubygem-mysql2-debugsource-0:0.5.7-1.module+el9.8.0+40094+ce01217c.ppc64le.rpm", "rubygem-mysql2-debugsource-0:0.5.7-1.module+el9.8.0+40094+ce01217c.s390x.rpm", "rubygem-mysql2-debugsource-0:0.5.7-1.module+el9.8.0+40094+ce01217c.x86_64.rpm", "rubygem-mysql2-doc-0:0.5.7-1.module+el9.8.0+40094+ce01217c.noarch.rpm", "rubygem-pg-0:1.6.3-1.module+el9.8.0+40094+ce01217c.aarch64.rpm", "rubygem-pg-0:1.6.3-1.module+el9.8.0+40094+ce01217c.ppc64le.rpm", "rubygem-pg-0:1.6.3-1.module+el9.8.0+40094+ce01217c.s390x.rpm", "rubygem-pg-0:1.6.3-1.module+el9.8.0+40094+ce01217c.src.rpm", "rubygem-pg-0:1.6.3-1.module+el9.8.0+40094+ce01217c.x86_64.rpm", "rubygem-pg-debuginfo-0:1.6.3-1.module+el9.8.0+40094+ce01217c.aarch64.rpm", "rubygem-pg-debuginfo-0:1.6.3-1.module+el9.8.0+40094+ce01217c.ppc64le.rpm","rubygem-pg-debuginfo-0:1.6.3-1.module+el9.8.0+40094+ce01217c.s390x.rpm", "rubygem-pg-debuginfo-0:1.6.3-1.module+el9.8.0+40094+ce01217c.x86_64.rpm", "rubygem-pg-debugsource-0:1.6.3-1.module+el9.8.0+40094+ce01217c.aarch64.rpm", "rubygem-pg-debugsource-0:1.6.3-1.module+el9.8.0+40094+ce01217c.ppc64le.rpm", "rubygem-pg-debugsource-0:1.6.3-1.module+el9.8.0+40094+ce01217c.s390x.rpm", "rubygem-pg-debugsource-0:1.6.3-1.module+el9.8.0+40094+ce01217c.x86_64.rpm", "rubygem-pg-doc-0:1.6.3-1.module+el9.8.0+40094+ce01217c.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux announces important ruby security updates to address several vulnerabilities impacting system integrity and security.. ruby security updates, Rocky Linux advisories, ruby vulnerabilities, IMAP security fixes. . Severity: Important. LinuxSecurity.com Team
Ruby could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-8478-1 June 29, 2025 ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Ruby could allow unintended access to network services. Software Description: - ruby3.3: Object-oriented scripting language - ruby3.2: Object-oriented scripting language - ruby3.0: Object-oriented scripting language - ruby2.7: Object-oriented scripting language Details: It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. (CVE-2026-42246) It was discovered that Ruby's Net::IMAP library did not validate string arguments passed to certain commands. A remote attacker could use this to inject arbitrary IMAP commands. (CVE-2026-42257) It was discovered that Ruby's Net::IMAP library was vulnerable to a denial of service attack when authenticating with SCRAM-SHA1 or SCRAM-SHA256. A hostile server could send a very large iteration count value to cause excessive computation in the client. This issue only affected ruby3.3. (CVE-2026-42256) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libruby3.3 3.3.8-2ubuntu3.1 ruby3.3 3.3.8-2ubuntu3.1 Ubuntu 24.04 LTS libruby3.2 3.2.3-1ubuntu0.24.04.8 ruby3.2 3.2.3-1ubuntu0.24.04.8 Ubuntu 22.04 LTS libruby3.0 3.0.2-7ubuntu2.13 ruby3.0 3.0.2-7ubuntu2.13 Ubuntu 20.04 LTS libruby2.7 2.7.0-5ubuntu1.18+esm5 Available with Ubuntu Pro ruby2.7 2.7.0-5ubuntu1.18+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8478-1 CVE-2026-42246, CVE-2026-42256, CVE-2026-42257 Package Information: https://launchpad.net/ubuntu/+source/ruby3.3/3.3.8-2ubuntu3.1 https://launchpad.net/ubuntu/+source/ruby3.2/3.2.3-1ubuntu0.24.04.8 https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.13 . Update your Ubuntu systems to address critical Ruby security issues including unauthorized access and DoS risks.. Ruby security update Ubuntu network services DoS. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-18039 http://linux.oracle.com/errata/ELSA-2026-18039.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ruby-3.0.7-166.el9_7.i686.rpm ruby-3.0.7-166.el9_7.x86_64.rpm ruby-default-gems-3.0.7-166.el9_7.noarch.rpm ruby-devel-3.0.7-166.el9_7.i686.rpm ruby-devel-3.0.7-166.el9_7.x86_64.rpm ruby-doc-3.0.7-166.el9_7.noarch.rpm ruby-libs-3.0.7-166.el9_7.i686.rpm ruby-libs-3.0.7-166.el9_7.x86_64.rpm rubygem-bigdecimal-3.0.0-166.el9_7.x86_64.rpm rubygem-bundler-2.2.33-166.el9_7.noarch.rpm rubygem-io-console-0.5.7-166.el9_7.x86_64.rpm rubygem-irb-1.3.5-166.el9_7.noarch.rpm rubygem-json-2.5.1-166.el9_7.x86_64.rpm rubygem-minitest-5.14.2-166.el9_7.noarch.rpm rubygem-power_assert-1.2.1-166.el9_7.noarch.rpm rubygem-psych-3.3.2-166.el9_7.x86_64.rpm rubygem-rake-13.0.3-166.el9_7.noarch.rpm rubygem-rbs-1.4.0-166.el9_7.noarch.rpm rubygem-rdoc-6.3.4.1-166.el9_7.noarch.rpm rubygem-rexml-3.2.5-166.el9_7.noarch.rpm rubygem-rss-0.2.9-166.el9_7.noarch.rpm rubygem-test-unit-3.3.7-166.el9_7.noarch.rpm rubygem-typeprof-0.15.2-166.el9_7.noarch.rpm rubygems-3.2.33-166.el9_7.noarch.rpm rubygems-devel-3.2.33-166.el9_7.noarch.rpm aarch64: ruby-3.0.7-166.el9_7.aarch64.rpm ruby-default-gems-3.0.7-166.el9_7.noarch.rpm ruby-devel-3.0.7-166.el9_7.aarch64.rpm ruby-doc-3.0.7-166.el9_7.noarch.rpm ruby-libs-3.0.7-166.el9_7.aarch64.rpm rubygem-bigdecimal-3.0.0-166.el9_7.aarch64.rpm rubygem-bundler-2.2.33-166.el9_7.noarch.rpm rubygem-io-console-0.5.7-166.el9_7.aarch64.rpm rubygem-irb-1.3.5-166.el9_7.noarch.rpm rubygem-json-2.5.1-166.el9_7.aarch64.rpm rubygem-minitest-5.14.2-166.el9_7.noarch.rpm rubygem-power_assert-1.2.1-166.el9_7.noarch.rpm rubygem-psych-3.3.2-166.el9_7.aarch64.rpm rubygem-rake-13.0.3-166.el9_7.noarch.rpm rubygem-rbs-1.4.0-166.el9_7.noarch.rpm rubygem-rdoc-6.3.4.1-166.el9_7.noarch.rpm rubygem-rexml-3.2.5-166.el9_7.noarch.rpm rubygem-rss-0.2.9-166.el9_7.noarch.rpm rubygem-test-unit-3.3.7-166.el9_7.noarch.rpm rubygem-typeprof-0.15.2-166.el9_7.noarch.rpm rubygems-3.2.33-166.el9_7.noarch.rpm rubygems-devel-3.2.33-166.el9_7.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/ruby-3.0.7-166.el9_7.src.rpm RelatedCVEs: CVE-2026-41316 Description of changes: [3.0.7-166] - Fix arbitrary code execution via deserialization bypass in ERB. (CVE-2026-41316) Resolves: RHEL-171254 _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.