# ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15116-1
Rating: moderate
Cross-References:
* CVE-2023-22799
CVSS scores:
* CVE-2023-22799 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-globalid-1.2.1-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-globalid 1.2.1-1.7

## References:

* https://www.suse.com/security/cve/CVE-2023-22799.html
Oracle Linux Security Advisory ELSA-2025-4063
http://linux.oracle.com/errata/ELSA-2025-4063.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.x86_64.rpm
rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.x86_64.rpm
rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm
rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm
ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm

aarch64:
ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.aarch64.rpm
rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.aarch64.rpm
rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpm
rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm
rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm
ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.src.rpm

Related CVEs:
CVE-2024-39908
CVE-2024-41123
CVE-2024-41946
CVE-2024-43398
CVE-2025-27219
CVE-2025-27220
CVE-2025-27221

Description of changes:

ruby
[3.1.7-145]
- Upgrade to Ruby 3.1.7.
  Resolves: RHEL-55408
- Fix DoS vulnerability in REXML. (CVE-2024-39908)
  Resolves: RHEL-57051
- Fix DoS vulnerability in REXML. (CVE-2024-43398)
  Resolves: RHEL-56002
[3.1.5-144]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
  Resolves: RHEL-68520
[3.1.5-143]
- Upgrade to Ruby 3.1.5.
  Resolves: RHEL-35748
- Fix buffer overread vulnerability in StringIO.
  Resolves: RHEL-35749
- Fix RCE vulnerability with .rdoc_options in RDoc.
  Resolves: RHEL-35750
- Fix arbitrary memory address read vulnerability with Regex search.
  Resolves: RHEL-35751
[3.1.4-142]
- Upgrade to Ruby 3.1.4.
  Resolves: RHEL-5584
- Fix HTTP response splitting in CGI.
  Resolves: CVE-2021-33621
- Fix ReDoS vulnerability in URI.
  Resolves: CVE-2023-28755
  Resolves: CVE-2023-36617
- Fix ReDoS vulnerability in Time.
  Resolves: CVE-2023-28756
- Make RDoc soft dependency in IRB.
  Resolves: RHEL-5615
[3.1.2-141]
- Upgrade to Ruby 3.1.2.
  Resolves: rhbz#2063772
[3.0.2-140]
- Fix rubygem-irb upgrade not working due to directory -> symlink conversion.
  Resolves: rhbz#2010949
[3.0.2-139]
- Upgrade to Ruby 3.0.2.
  Related: rhbz#1938942
- Fix command injection vulnerability in RDoc. (CVE-2021-31799)
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. (CVE-2021-31810)
- Fix StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
- Fix dependencies of gems with explicit source installed from a different source. (CVE-2020-36327)
- Pass ldflags to gem install via CONFIGURE_ARGS. The same comment on the changelog 3.0.1-138 was wrong.
[3.0.1-138]
- Upgrade to Ruby 3.0.1 by merging Fedora rawhide branch (commit: 6b2ff68).
  * Add missing rubygem- prefix for bundled provide of 'connection_pool'.
  * Pass ldflags to gem install via CONFIGURE_ARGS
  * Remove IRB dependency from rubygem-rdoc.
  * Fix flaky excon test suite.
  * Properly support DWARF5 debug information.
    Related: rhbz#1920533
  * Bundle OpenSSL into StdLib.
  * Fix SEGFAULT in rubygem-shoulda-matchers test suite.
  * Provide gem.build_complete file for binary gems.
  * Re-enable test suite.
  * ruby-default-gems have to depend on rubygem(io-console) due to reline.
  * Fix SEGFAULT preventing rubygem-unicode to build on armv7hl.
  * Add support for reworked RubyGems plugins.
  * Use proper path for plugin wrappers.
  * Extract RSS and REXML into separate subpackages, because they were moved from default gems to bundled gems.
  * Drop Net::Telnet and XMLRPC packages, because they were dropped from Ruby.
  Resolves: rhbz#1938942
- Fix FTBFS due to an incompatible load directive.
[2.7.3-136]
- Upgrade to Ruby 2.7.3.
  Resolves: rhbz#1947938
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero
  Resolves: rhbz#1944227
[2.7.2-135]
- Upgrade to Ruby 2.7.2.
- Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
[2.7.1-133]
- Fix require behavior allowing to load libraries multiple times.
  Resolves: rhbz#1842989
- Add ruby-default-gems dependency on irb.
[2.7.1-133]
- Ship racc binary.
  Resolves: rhbz#1851388
[2.7.1-132]
- Update to Ruby 2.7.1 by merging Fedora master branch (commit: 2981648)
  * Skip unstable tests on s390x.
  * Skip JIT tests in RHEL 8.
  Resolves: rhbz#1817135
[2.6.3-106]
- Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
  Resolves: rhbz#1727832
- Properly support %prerelease in %gemspec_ macros.
  Related: rhbz#1672575
[2.6.3-105]
- Update to Ruby 2.6.3 by merging Fedora master branch (commit: 1cc2a49)
  * Properly generate "ruby(rubygems)" versioned dependencies.
  * Extract composition of dependency strings into helper.
  * Loosen RDoc dependency.
  * Upstream fix adding -C flag instead of changing directory for gem build.
  * Remove obsolete Group tag
  * Fix ".include =" support in openssl.cnf.
  * Link IRB back to StdLib.
  * Link IRB files instead of directories.
  * Exclude irb.rb from ruby-libs.
  Resolves: rhbz#1672575
[2.5.5-104]
- Update to Ruby 2.5.5.
  * Remove Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch; subsumed
  * Remove Patch11: ruby-2.6.0-Try-to-update-cert.patch; subsumed
  * Remove Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch; subsumed
  Resolves: rhbz#1688758
- Don't ship .stp files when SystemTap support is disabled.
  Related: rhbz#1657915
- Fix CovScan issues.
  Resolves: rhbz#1628592
[2.5.3-103]
- Refresh expired certificates to fix FTBFS.
[2.5.3-102]
- Fix Tokyo TZ tests.
[2.5.3-101]
- Update to Ruby 2.5.3.
  Resolves: rhbz#1643092
[2.5.1-100]
- Properly harden package using -fstack-protector-strong.
  * ruby-2.6.0-configure-fstack-protector-strong.patch
  Resolves: rhbz#1624168
[2.5.1-99]
- Additional OpenSSL 1.1.1 fixes.
  * ruby-2.6.0-fix-test-failure-with-TLS-1.3-maint.patch
  * ruby-2.6.0-config-support-include-directive.patch
  * ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
  Related: rhbz#1616213
[2.5.1-99]
- Fix generated rdoc template issues.
  * ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch
  Resolves: rhbz#1612026
[2.5.1-97]
- Fix TLS 1.3 issues.
  * ruby-2.6.0-fix-test-failure-with-TLS-1.3.patch
  * ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch
  Related: rhbz#1616213
[2.5.1-96]
- turn off tests
- Related: bug#1614611
[2.5.1-96]
- Rebuild with fixed binutils
[2.5.1-95]
- Rebuild for new binutils
[2.5.1-94]
- Disable some test failing with OpenSSL 1.1.1.
[2.5.1-94]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[2.5.1-93]
- Add macros to edit files lists in .gemspec (gemspec_add_file and gemspec_remove_file).
[2.5.1-93]
- Make %gemspec_{add,remove}_dep modify .gemspec provided by %setup macro.
[2.5.1-92]
- Conflict requirement needs to generate dependency.
- Stop using --with-setjmp-type=setjmp on aarch64 (rhbz#1545239).
[2.5.1-92]
- Update to Ruby 2.5.1.
[2.5.0-91]
- Don't force libraries used to build Ruby to its dependencies.
- Re-enable GMP dependency.
[2.5.0-90]
- Drop GMP dependency.
[2.5.0-89]
- Rebuild with new LDFLAGS from redhat-rpm-config
- Use --with-setjmp-type=setjmp on aarch64 to work around gcc issue (#1545239)
[2.5.0-89]
- Fix: Multiple vulnerabilities in RubyGems
  https://bugzilla.redhat.com/show_bug.cgi?id=1547431
  https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
[2.5.0-89]
- Drop obsolete ldconfig scriptlets.
- Add GMP dependency.
- Use 'with' operator in RPM dependency generator.
- Add conflicts RPM generator.
- Fix thread_safe test suite segfaults.
- Fix invalid licenses.
[2.5.0-89]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
[2.5.0-88]
- Rebuilt for switch to libxcrypt
[2.5.0-87]
- Fix segfaults during generating of documentation.
[2.5.0-86]
- Upgrade to Ruby 2.5.0.
[2.4.2-86]
- Add macro to remove rubypick dependency.
- Improve "with" conditional statement as inline.
[2.4.2-85]
- Add macros to remove systemtap, git and cmake dependencies.
[2.4.2-84]
- Update to Ruby 2.4.2.
[2.4.1-84]
- Drop ruby-devel dependency on rubypick, which is pulled in transitively.
[2.4.1-83]
- Fix "IOError: stream closed" errors affecting Puma.
- Temporary disable checksec on PPC64LE (rhbz#1479302).
[2.4.1-82]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
[2.4.1-81]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[2.4.1-80]
- OpenSSL 1.1.0f-3 disables some weak ciphers. Adjust the package to pass the tests suite.
[2.4.1-79]
- Update to Ruby 2.4.1.
[2.4.0-78]
- Fix OpenSSL symlinks.
[2.4.0-77]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
[2.4.0-76]
- Fix GCC 7.x compatibility (rhbz#1417590).
- Use standardized multilib solution (rhbz#1412274).
[2.4.0-75]
- Apply patch fixing rubygem-mongo build failures.
[2.4.0-74]
- Rebuild again for f26-ruby24 sidetag
[2.4.0-73]
- Rebuild for readline 7.x
[2.4.0-72]
- Link files into directory to avoid dir => symlink issues.
[2.4.0-71]
- Add rubygem-io-console dependency for rubygem-rdoc.
[2.4.0-70]
- Upgrade to Ruby 2.4.0.
- Move gemified xmlrpc into subpackage.
- Move gemified openssl into subpackage.
- Tk is removed from stdlib.
- Extend 'gem_' macros for pre-release version support.
[2.3.3-61]
- Update to Ruby 2.3.3.
- Exclude json.rb from ruby-libs (rhbz#1397370).
[2.3.2-60]
- Update to Ruby 2.3.2.
[2.3.1-59]
- Continue to use OpenSSL 1.0 for the moment.
- Add gemspec_add_dep and gemspec_remove_dep macros.
- Harden package.
[2.3.1-58]
- Workaround "an invalid stdio handle" error on PPC (rhbz#1361037).
[2.3.1-57]
- Make symlinks for json gem.
[2.3.1-56]
- Requires rubygem(json) for rubygem-rdoc (rhbz#1325022).
[2.3.1-55]
- Update to Ruby 2.3.1.
[2.3.0-54]
- Add rubypick and rubygems requires to ruby-devel to deal with BuildRequires
[2.3.0-53]
- Backport trunk@53455 to make ruby-qt build
[2.3.0-52]
- Explicitly require RDoc, since weak dependencies are ignored by default.
[2.3.0-51]
- Load RubyGems prior ABRT hook to properly rescue RubyGems exceptions.
[2.3.0-50]
- Upgrade to Ruby 2.3.0.
- Move gemified net-telnet into subpackage.
- Add did_you_mean subpackage.
- Add virtual provides for CCAN copylibs.
- Use weak dependencies.
[2.3.0-0.7.preview2]
- Add systemtap tests.
[2.2.4-47]
- Update to Ruby 2.2.4.
[2.2.3-46]
- Fix ABRT hook autoloading.
[2.2.3-45]
- Add support for MIPS architecture to config.h
[2.2.3-44]
- Update to Ruby 2.2.3.
[2.2.2-43]
- Fix for "dh key too small" error of OpenSSL 1.0.2+.
[2.2.2-42]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
[2.2.2-41]
- Fix the git BR following the git package split.
[2.2.2-40]
- Fix upgrade path (rubygem-io-console's version was recently bumped in F21 and makes the higher release to win).
[2.2.2-11]
- Bump release because of gems
[2.2.2-1]
- Update to Ruby 2.2.2
[2.2.1-10]
- Fix libruby.so versions in SystemTap scripts (rhbz#1202232).
[2.2.1-9]
- Update to Ruby 2.2.1.
[2.2.0-8]
- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
[2.2.0-7]
- Fix directory ownership.
[2.2.0-6]
- Initialize all load paths in operating_system.rb.
[2.2.0-5]
- Make operating_system.rb more robust.
- Add RubyGems stub headers for bundled gems.
[2.2.0-4]
- Add missing rubygem-test-unit dependency on rubygem-power_assert.
[2.2.0-3]
- Bump release to avoid EVR issue on rubygem-test-unit
[2.2.0-1]
- Upgrade to Ruby 2.2.0.
- Explicitly list RubyGems directories to avoid accidentally packaged content.
- Split test-unit and power_assert gems into separate sub-packages.
- Drop libdb dependency in favor of gdbm.
[2.1.5-26]
- Disable sse2 on i686 (bug #1101811)
[2.1.5-25]
- Update to Ruby 2.1.5.
[2.1.4-24]
- Update to Ruby 2.1.4.
- Include only vendor directories, not their content (rhbz#1114071).
- Fix "invalid regex" warning for non-rubygem packages (rhbz#1154067).
- Use load macro introduced in RPM 4.12.
* Mon Aug 18 2014 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
[2.1.2-23]
- Fix FTBFS
- Specify tcl/tk 8.6
- Add upstream patch to build with libffi 3.1
* Sun Jun 08 2014 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Jaroslav Škarvada
- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86
[2.1.2-21]
- Update to Ruby 2.1.2
[2.1.1-20]
- Remove useless exclude (rhbz#1065897).
- Extract load macro into external file and include it.
- Kill bundled certificates.
[2.1.1-19]
- Correctly expand $(prefix) in some Makefiles, e.g. eruby.
[2.1.1-18]
- Update to Ruby 2.1.1.
- Revert regression of Hash#reject.
[2.1.0-19]
- Add RPM dependency generators for RubyGems.
[2.1.0-19]
- Don't link cert.pem explicitly
[2.1.0-18]
- Don't generate documentation on unexpected places.
- Detect if rubygems are running under rpmbuild and install gem binary extensions into appropriate place.
- Add support for ppc64le arch (rhbz#1053263).
- Re-enable some test cases, which are passing now with Kernel 3.12.8+.
- Backport fix for floating point issues on i686.
[2.1.0-17]
- Upgrade to Ruby 2.1.0.
- Move RPM macros into /usr/lib/rpm/macros.d directory.
- Allow MD5 in OpenSSL for tests.
[2.0.0.247-15]
- Move Psych symlinks to vendor dir, to prevent F18 -> F19 upgrade issues (rhbz#988490).
[2.0.0.247-14]
- Add forgotten psych.rb link into rubygem-psych to fix "private method load' called for Psych:Moduler" error (rhbz#979133).
[2.0.0.247-13]
- Fixes multilib conflicts of .gemspec files.
- Make symlinks for psych gem to ruby stdlib dirs (rhbz#979133).
- Use system-wide cert.pem.
[2.0.0.247-12]
- Fix RubyGems search paths when building gems with native extension (rhbz#979133).
[2.0.0.247-11]
- Fix RubyGems version.
[2.0.0.247-10]
- Better support for build without configuration (rhbz#977941).
[2.0.0.247-9]
- Update to Ruby 2.0.0-p247 (rhbz#979605).
- Fix CVE-2013-4073.
- Fix for wrong makefiles created by mkmf (rhbz#921650).
- Add support for ABRT autoloading.
[2.0.0.195-8]
- Update to Ruby 2.0.0-p195 (rhbz#917374).
- Fix object taint bypassing in DL and Fiddle (CVE-2013-2065).
- Fix build against OpenSSL with enabled ECC curves.
- Add aarch64 support (rhbz#926463).
[2.0.0.0-7]
- Macro definition moved into macros.ruby and macros.rubygems files.
- Added filtering macros.
- Filter automatically generated provides of private libraries (rhbz#947408).
[2.0.0.0-6]
- Fix RbConfig::CONFIG['exec_prefix'] returns empty string (rhbz#924851).
[2.0.0.0-5]
- Make Ruby buildable without rubypick.
- Prevent random test failures.
[2.0.0.0-4]
- Don't mark rpm config file as %config (fpc#259)
[2.0.0.0-3]
- Avoid "method redefined;" warnings due to modified operating_system.rb.
- Fix strange paths created during build of binary gems.
[2.0.0.0-2]
- Prevent squash of %gem_install with following line.
[2.0.0.0-1]
- Update to Ruby 2.0.0-p0.
- Change %{ruby_extdir} to %{ruby_extdir_mri} in preparation for better JRuby support.
[2.0.0.0-0.3.r39387]
- Move test-unit.gemspec to -libs subpackage for now because rubygems 2.0.0 does not create this
[2.0.0.0-0.2.r39387]
- Fix issues with wrong value of Rubygem's shebang introduced in r39267.
[2.0.0.0-0.1.r39387]
- Upgrade to Ruby 2.0.0 (r39387).
- Introduce %gem_install macro.
- Build against libdb instead of libdb4 (rhbz#894022).
- Move native extensions from exts to ruby directory.
- Enable most of the PPC test suite.
- Change ruby(abi) -> ruby(release).
- Rename ruby executable to ruby-mri, to be prepared for RubyPick.
- Add ruby(runtime_executable) virtual provide, which is later used by RubyPick.
- RDoc now depends on JSON.
- Try to make -doc subpackage noarch again, since the new RDoc should resolve the arch dependent issues (https://github.com/ruby/rdoc/issues/71).
- Enable SystemTap support.
- Add TapSet for Ruby.
- Split Psych into rubygem-psych subpackage.
[1.9.3.385-28]
- Update to 1.9.3 p385
[1.9.3.374-27]
- Update to 1.9.3 p374
- Fix provided variables in pkgconfig (bug 789532: Vít Ondruch)
[1.9.3.362-26]
- Provide non-versioned pkgconfig file (bug 789532)
- Use db5 on F-19 (bug 894022)
[1.9.3.362-25]
- Backport fix for the upstream PR7629, save the proc made from the given block (bug 895173)
[1.9.3.362-24]
- Update to 1.9.3.362
[1.9.3.327-23]
- Skipping test_parse.rb (fails on ARM at line 787)
- https://bugs.ruby-lang.org/login?back_url=https%3A%2F%2Fbugs.ruby-lang.org%2Fissues%2F6899
[1.9.3.327-23]
- Skip test_str_crypt (on rawhide) for now (upstream bug 7312)
[1.9.3.327-22]
- Ignore some network related tests
[1.9.3.327-21]
- Update to 1.9.3.327
- Fix Hash-flooding DoS vulnerability on MurmurHash function (CVE-2012-5371)
[1.9.3.286-19]
- Update to 1.9.3 p286
- Don't create files when NUL-containing path name is passed (bug 865940, CVE-2012-4522)
[1.9.3.194-18]
- Patch from trunk for CVE-2012-4464, CVE-2012-4466
[1.9.3.194-17]
- Split documentation into -doc subpackage (rhbz#854418).
[1.9.3.194-16]
- Revert the dependency of ruby-libs on rubygems (rhbz#845011, rhbz#847482).
[1.9.3.194-15]
- ruby-libs must require rubygems (rhbz#845011).
[1.9.3.194-14]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
[1.9.3.194-13]
- Make the bigdecimal gem a runtime dependency of Ruby.
[1.9.3.194-12]
- Make symlinks for bigdecimal and io-console gems to ruby stdlib dirs (RHBZ 829209).
[1.9.3.194-11]
- Fix license to contain Public Domain.
- macros.ruby now contains unexpanded macros.
[1.9.3.194-10.1]
- Bump release
[1.9.3.194-1]
- Update to Ruby 1.9.3-p194.
[1.9.3.125-3]
- disable check on ppc(64), RH bugzilla 803698
[1.9.3.125-2]
- Temporarily disable make check on ARM until it's fixed upstream. Tracked in RHBZ 789410
[1.9.3.125-1]
- Upgrade to Ruby 1.9.3-p125.
[1.9.3.0-7]
- Make mkmf.rb verbose by default
[1.9.3.0-6]
- Relax dependencies to allow external updates of bundled gems.
[1.9.3.0-5]
- Initial release of Ruby 1.9.3.
- Add rubygems dependency on io-console for user interactions.
- Gems license clarification.
[1.9.3.0-4]
- Bundled gems moved into dedicated directories and subpackages.
- Create and own RubyGems directories for binary extensions.
- Fix build with GCC 4.7.
[1.9.3.0-3]
- Fix RHEL build.
- Fixed directory ownership.
- Verbose build output.
[1.9.3.0-2]
- Install RubyGems outside of Ruby directory structure.
- RubyGems has not its own -devel subpackage.
- Enhanced macros.ruby and macros.rubygems.
- All tests are green now (bkabrda).
[1.9.3.0-1]
- Initial package
[1.8.7.357-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
[1.8.7.357-1]
- Update to 1.8.7p357
- Randomize hash on process startup (CVE-2011-4815, bug 750564)
[1.8.7.352-2]
- dont normalise arm cpus to arm - there is something weird about how ruby chooses where to put bits
[1.8.7.352-3]
- F-17: kill gdbm support for now due to licensing compatibility issue
[1.8.7.352-2]
- F-17: rebuild against new gdbm
[1.8.7.352-1]
- Update to 1.8.7 p352
- CVE-2011-2686 is fixed in this version (bug 722415)
- Update ext/tk to the latest git
- Remove duplicate path entry (bug 718695)
[1.8.7.334-4]
- Once fix FTBFS (bug 716021)
[1.8.7.334-3]
- normalise arm cpus to arm
[1.8.7.334-2]
- Own %{_normalized_cpu}-%{_target_os} directory (bug 708816)
[1.8.7.334-1]
- Update to 1.8.7 p334
[1.8.7.330-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
[1.8.7.330-2]
- normalise the 32 bit sparc archs to sparc
[1.8.7.330-1]
- Update to 1.8.7 p330
- ext/tk updated to the newest header
[1.8.7.302-2]
- Avoid multilib conflict on -libs subpackage (bug 649174)
[1.8.7.302-1]
- Update to 1.8.7.302
- CVE-2010-0541 (bug 587731) is fixed in this version
- Update ext/tk to the latest head
[1.8.7.299-5]
- More cleanup of spec file, especially for rpmlint issue
- build ri files in %build
[1.8.7.299-4]
- Cleanup spec file
- Make -irb, -rdoc subpackage noarch
- Make dependencies between arch-dependent subpackages isa specific
- Improve sample documentation gathering
[1.8.7.299-3]
- updated packaged based on feedback (from mtasaka)
- added comments to all patches / sources
- obsoleted ruby-mode, as it's now provided by the emacs package itself
- readded missing documentation
- various small compatibility/regression fixes
[1.8.7.299-2]
- readded bits to pull tk package from upstream source branch
- removed unnecessary .tk.old dir
- renamed macros which may cause confusion, removed unused ones
[1.8.7.299-1]
- integrate more of jmeyering's and mtaska's feedback
- removed emacs bits that are now shipped with the emacs package
- various patch and spec cleanup
- rebased to ruby 1.8.7 patch 299, removed patches no longer needed: ruby-1.8.7-openssl-1.0.patch, ruby-1.8.7-rb_gc_guard_ptr-optimization.patch
[1.8.7.249-5]
- Various fixes
[1.8.7.249-4]
- Fixed incorrect paths in 1.8.7 rpm
[1.8.7.249-3]
- Integrated Jim Meyering's feedback and changes in to:
  - remove trailing blanks
  - placate rpmlint
  - ruby_* definitions: do not use trailing slashes in directory names
  - _normalized_cpu: simplify definition
[1.8.7.249-2]
- Integrate mtasaka's feedback and changes
- patch101 ruby_1_8_7-rb_gc_guard_ptr-optimization.patch
[1.8.7.249-1]
- Initial Ruby 1.8.7 specfile
[1.8.6.399-5]
- Retry for bug 559158, Simplify the OpenSSL::Digest class pull more change commits from ruby_1_8 branch
[1.8.6.399-4]
- Patch36 (ruby-1.8.x-RHASH_SIZE-rb_hash_lookup-def.patch) also backport rb_hash_lookup definition (bug 592936)
[1.8.6.399-3]
- ruby-1.8.x-null-class-must-be-Qnil.patch (bug 530407)
- Recreate some patches using upstream svn when available, and add some comments for patches
[1.8.6.399-2]
- tcltk: Give up using potentially unmaintained ruby_1_8_6 branch and instead completely replace with ruby_1_8 branch head (at this time, using rev 27738) (seems to fix 560053, 590503)
- Fix Japanese encoding strings under ruby-tcltk/ext/tk/sample/
[1.8.6.399-1]
- Update to 1.8.6 p 399 (bug 579675)
- Patch to fix gc bug causing open4 crash (bug 580993)
[1.8.6.388-9]
- F-14: rebuild against new gdbm
* Thu Jan 28 2010 Mamoru Tasaka
- Once revert the previous change (patch34)
[1.8.6.388-8]
- Backport openssl/digest functions providing digest and hexdigest functions directly in OpenSSL::Digest.methods
- Make sure that Red Hat people version their changelog entries
- This is actually release#1, but now needs to be release #7
[1.8.6.388-1]
- Add conditional for RHEL.
[1.8.6.383-6]
- CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485)
[1.8.6.383-5]
- Change mkmf.rb to use LIBRUBYARG_SHARED so that have_library() works without libruby-static.a (bug 428384)
- And move libruby-static.a to -static subpackage
[1.8.6.383-4]
- Use bison to regenerate parse.c to keep the original format of error messages (bug 530275 comment 4)
[1.8.6.383-3]
- Patch so that irb saves its history (bug 518584, ruby issue 1556)
[1.8.6.383-2]
- Update to 1.8.6 patchlevel 383 (bug 520063)
[1.8.6.369-5]
- Much better idea for Patch31 provided by Akira TAGOH
[1.8.6.369-4]
- Fix the search path of ri command for ri manuals installed with gem (bug 528787)
[1.8.6.369-3]
- Rebuild against new openssl
[1.8.6.369-2]
- Make sure that readline.so is linked against readline 5 because Ruby is under GPLv2
[1.8.6.369-1]
- New patchlevel fixing CVE-2009-1904
- Fix directory on ARM (#506233, Kedar Sovani)
[1.8.6.368-1]
- New upstream release (p368)
[1.8.6.287-8]
- Merge Review fix (#226381)
[1.8.6.287-7]
- Fix regression in CVE-2008-3790 (#485383)
[1.8.6.287-6]
- Again use -O2 optimization level
- i586 should search i386-linux directory (on
# ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14674-1
Rating: moderate
Cross-References:
* CVE-2024-54133
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-activejob-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html
# ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14676-1
Rating: moderate
Cross-References:
* CVE-2024-54133
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-activerecord-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html
-------------------------------------------------------------------------
Debian Security Advisory DSA-5310-1

It was discovered that ruby-image-processing, a Ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.
MGASA-2020-0252 - Updated ruby-rack packages fix security vulnerability

Publication date: 10 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0252.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-8161, CVE-2019-16782

Updated ruby-rack packages fix security vulnerabilities:

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison (CVE-2019-16782).

If certain directories exist in a directory that is managed by Rack::Directory, an attacker could, using this vulnerability, read the contents of files on the server that were outside of the root specified in the Rack::Directory initializer (CVE-2020-8161).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26688
- https://bugs.mageia.org/show_bug.cgi?id=25915
- https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
- https://lists.fedoraproject.org/archives/list/
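The CVE-2019-16782 description above hinges on two design points: the backing store must never be indexed by the raw cookie value, and any direct equality check on a client-supplied id must be constant time. The following Ruby is an added illustration written for this page; it is not code from the Rack project or from the Mageia advisory. `NaiveSessionStore` shows the pre-fix shape (raw id as index key), `HardenedSessionStore` shows the hashed-key design (the `"2::"` prefix and the 16-byte public id are constructed values, chosen here only to mark derived keys), and `ConstantTime.secure_compare` is a plain XOR-accumulating comparison of the kind `Rack::Utils.secure_compare` provides, for the places where an id or token must be compared directly.

```ruby
require "digest"
require "securerandom"

# Constant-time string equality: reject a length mismatch up front, then XOR
# every byte so the running time does not depend on where the first
# difference sits.  Use this wherever a client-supplied id or token is
# compared directly against a stored value.
module ConstantTime
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Pre-fix shape: the raw cookie value is the key the backing store indexes.
# If that index compares keys byte by byte, lookup time can depend on how much
# of a submitted id matches an existing one, and the key it leaks IS the cookie.
class NaiveSessionStore
  def initialize
    @sessions = {}
  end

  def create(data)
    sid = SecureRandom.hex(16)
    @sessions[sid] = data
    sid
  end

  def fetch(sid)
    @sessions[sid]
  end

  def stored_keys
    @sessions.keys
  end
end

# Hardened shape: the cookie carries a public id, but the store is keyed by a
# hash of it.  Whatever lookup timing reveals about stored keys reveals only
# SHA-256(public_id), which cannot be turned back into a usable cookie.
class HardenedSessionStore
  PRIVATE_ID_PREFIX = "2::".freeze   # constructed marker for derived keys
  PUBLIC_ID_BYTES = 16               # constructed: 16 random bytes -> 32 hex chars

  def initialize
    @sessions = {}
  end

  # Derive the store key from the public (cookie) id.
  def self.private_id(public_id)
    PRIVATE_ID_PREFIX + Digest::SHA256.hexdigest(public_id)
  end

  def create(data)
    public_id = SecureRandom.hex(PUBLIC_ID_BYTES)
    @sessions[self.class.private_id(public_id)] = data
    public_id
  end

  # Shape-check the submitted id before hashing so malformed cookies are
  # rejected without touching the store at all.
  def fetch(public_id)
    return nil unless public_id.is_a?(String)
    return nil unless public_id.bytesize == PUBLIC_ID_BYTES * 2
    return nil unless public_id.match?(/\A\h+\z/)
    @sessions[self.class.private_id(public_id)]
  end

  def stored_keys
    @sessions.keys
  end
end

if __FILE__ == $PROGRAM_NAME
  store = HardenedSessionStore.new
  sid = store.create({ "user" => "alice" })      # constructed session data
  puts "cookie value:     #{sid}"
  puts "key in the store: #{store.stored_keys.first}"
  puts "lookup ok:        #{store.fetch(sid).inspect}"
  puts "wrong id:         #{store.fetch('0' * 32).inspect}"
end
```

Running the block prints a cookie value and a store key that share no bytes; the store can leak as much as it likes about which keys it holds without handing over a session. The second layer, `secure_compare`, is independent of the store and belongs in any code path that still compares a submitted id or signature to a stored one.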
Fedora Update Notification FEDORA-2009-13066
2009-12-11 16:37:52

Name : ruby
Product : Fedora 10
Version : 1.8.6.368
Release : 2.fc10
URL : https://www.ruby-lang.org/
Summary : An interpreter of an object-oriented scripting language
Description : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straightforward, and extensible.

Update Information:
Update to 1.8.6 p368. This package also fixes the build failure on arm-gnueabi systems (bug 506233), and a DoS vulnerability in the BigDecimal method (bug 504958, CVE-2009-1904).

ChangeLog:
* Mon Dec 7 2009 Mamoru Tasaka - 1.8.6.386-2
  - Patch for bigdecimal DoS issue (CVE-2009-1904, bug 504958)
* Sun May 31 2009 Jeroen van Meeuwen - 1.8.6.368-1
  - New upstream release (p368)
* Sat Apr 11 2009 Mamoru Tasaka - 1.8.6.287-8
  - Merge Review fix (#226381)
* Wed Mar 18 2009 Jeroen van Meeuwen - 1.8.6.287-7
  - Fix regression in CVE-2008-3790 (#485383)
* Mon Mar 16 2009 Mamoru Tasaka - 1.8.6.287-6
  - Again use -O2 optimization level
  - i586 should search i386-linux directory (on
[slackware-security] ruby (SSA:2009-120-01)

New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a problem with REXML and other security issues. For details about the REXML issue, see: https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ A full list may be found in the ChangeLog file included with the source code.

Here are the details from the Slackware 12.2 ChangeLog:
patches/packages/ruby-1.8.7_p160-i486-1_slack12.2.tgz: Upgraded to ruby-1.8.7-p160. This update fixes a DoS in REXML. For details, see: https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ (* Security fix *)

Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:

MD5 signatures:
- Slackware 11.0 package: 4ec0a9955bab3bfa8c5b1a16c24b172a ruby-1.8.6_p368-i486-1_slack11.0.tgz
- Slackware 12.0 package: e396baa7eeacef285482253a19c37395 ruby-1.8.6_p368-i486-1_slack12.0.tgz
- Slackware 12.1 package: 82f78cebe868bb40c1a7ac99193e7a1c ruby-1.8.6_p368-i486-1_slack12.1.tgz
- Slackware 12.2 package: 9eba5df43c89ea703e5903b731fa40d5 ruby-1.8.7_p160-i486-1_slack12.2.tgz
- Slackware -current package: 0bb4df63d8f65bf66690a08c0b23a0db ruby-1.8.7_p160-i486-1.tgz

Installation instructions:
Upgrade the package as root: `# upgradepkg ruby-1.8.7_p160-i486-1_slack12.2.tgz`

Severity: Important.