ruby-3.0.7-165.el9_5
エラータID: AXSA:2025-9915:02
リリース日:
2025/05/09 Friday - 20:17
題名:
ruby-3.0.7-165.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Ruby の CGI ライブラリの CGI::Cookie.parse() メソッドには、
Cookie 値の長さを制限していない問題があるため、リモートの攻撃者
により、細工された Cookie 値の処理を介して、サービス拒否攻撃
(過剰なリソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2025-27219)
- Ruby の CGI ライブラリの Util#escapeElement() メソッドには、
リモートの攻撃者により、細工された正規表現の処理を介して、正規表現
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-27220)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
追加情報:
N/A
ダウンロード:
SRPMS
- ruby-3.0.7-165.el9_5.src.rpm
MD5: 388b0dda90db99ea895045768bad66c8
SHA-256: 252ef44eba9f2f11bd2d64e5f826b0f92621591cb16887ff0da60922ac5c14ba
Size: 15.32 MB
Asianux Server 9 for x86_64
- ruby-3.0.7-165.el9_5.i686.rpm
MD5: 6862f54eab2ebf57869d2e4a89e3cc6f
SHA-256: 21a6f459b22b13a69a547518275d213ebafff6376ffcc34726c75d51872b5f81
Size: 38.37 kB - ruby-3.0.7-165.el9_5.x86_64.rpm
MD5: bc09b0b4382ccbf6c612207c55b03834
SHA-256: f9a397aa7a02d77b894937d7cf5b52651a043d6b148b673c659e7778b436890d
Size: 38.24 kB - ruby-default-gems-3.0.7-165.el9_5.noarch.rpm
MD5: 620aa0fd07632b03294509aa35707afa
SHA-256: 763590ecc48bc681fe3f5785c56fc16993b301c4084a977281e8f57ff29ac43f
Size: 46.48 kB - ruby-devel-3.0.7-165.el9_5.i686.rpm
MD5: 32cfd206c724b2138ef7eff00b3821e2
SHA-256: 49cf3986c406fa1277e61e6b0722c8e53baa7aa0c10255fa0a68176caab7aa0a
Size: 308.30 kB - ruby-devel-3.0.7-165.el9_5.x86_64.rpm
MD5: c3301275e39e1d885694d712a46bf0c3
SHA-256: 6e022555342aa1c2cc0f0f5f4f432e526676c138531b860844e4556c577a054b
Size: 308.46 kB - ruby-doc-3.0.7-165.el9_5.noarch.rpm
MD5: 0bea5605303086fc7830b4b746abdbd0
SHA-256: c78604acd68c9d83600d01429c51aa8aedcb73c9d5fa99156b6f90469b1fe101
Size: 7.46 MB - rubygem-bigdecimal-3.0.0-165.el9_5.x86_64.rpm
MD5: e3c93bc0351bac829c31658a2e4f1f26
SHA-256: fb7527793822741a67ccb3f5c87ef5944037de3d6b7d1ee9b8ab09bcce2825a0
Size: 51.42 kB - rubygem-bundler-2.2.33-165.el9_5.noarch.rpm
MD5: fab0b0b4ee99cc6cd04b4ff9cd1b7ba5
SHA-256: f9f0225f9d0d49d541013f65712f667e7439be9c40b8442e919f18e0bfb8b828
Size: 442.32 kB - rubygem-io-console-0.5.7-165.el9_5.x86_64.rpm
MD5: d8284e4299f4108e4154cbe881f37988
SHA-256: f04b79b3f0bce253e4011f52dfa2f12ecfefda3a055c2af757d0c07d8a20449b
Size: 22.47 kB - rubygem-irb-1.3.5-165.el9_5.noarch.rpm
MD5: 7d4ee2e57372033abf5b6f32e7de1eb3
SHA-256: bdf9f7fff0d41d9b61748c61a193576b2e504abfdc1f6efe11947361ff222189
Size: 76.63 kB - rubygem-json-2.5.1-165.el9_5.x86_64.rpm
MD5: 442bb50fd4012be648111df9d9e3f734
SHA-256: 9f2e868cb8a0803461d347350d163473535ea3704f6c2131ced1c4c2a7c89d6a
Size: 57.53 kB - rubygem-minitest-5.14.2-165.el9_5.noarch.rpm
MD5: 02123ce42284d69796475fb2fb587788
SHA-256: 0f580e35ed91ac8b7235e8a41ac9ddf17bec749d45239b4622d41e955bf37786
Size: 85.25 kB - rubygem-power_assert-1.2.1-165.el9_5.noarch.rpm
MD5: e660071592a7e98ce1143be0bd7f0db7
SHA-256: e9eef129a836580dd28c60d945dca187935a5e5bdb67726dd54508d847300260
Size: 25.96 kB - rubygem-psych-3.3.2-165.el9_5.x86_64.rpm
MD5: fcadf7eb2acc2ba61aab137d9ebf2a3e
SHA-256: 0b7adaa01ed345ddce5c91797e4e7e0f796d480708774f580253670b991a3b37
Size: 58.10 kB - rubygem-rake-13.0.3-165.el9_5.noarch.rpm
MD5: e80e97c6be2439c4fc9b00534935bce3
SHA-256: 892f5b6379fb6c8771d56299e799ce9432319b642817f02ada76bdba28919eec
Size: 105.22 kB - rubygem-rbs-1.4.0-165.el9_5.noarch.rpm
MD5: ad73685f3efae14be334091ffee5941b
SHA-256: 8dcc7829f7af60cc9958c13a46a7089d55efe2a69dbbd68075cb941855d4ae46
Size: 526.16 kB - rubygem-rdoc-6.3.4.1-165.el9_5.noarch.rpm
MD5: 3bf4ae7736795e60df5d9f11013a7ddf
SHA-256: a7c043721199bc83ff181fc5f9919d149b02e6b7a78f68f824770ea839d4d06d
Size: 438.05 kB - rubygem-rexml-3.2.5-165.el9_5.noarch.rpm
MD5: 597286dc831d9beda1157f88b43d4222
SHA-256: e47d649dbb13ea951a90b1a9653acb750968a4cec73432d58ca041bc157cbc8d
Size: 107.83 kB - rubygem-rss-0.2.9-165.el9_5.noarch.rpm
MD5: 9f573fccab21c472178ad92ddba76bdb
SHA-256: 3f0adef57d417685820189d66e7146091ed5cb03ca9d2296ad7759b5dc4bb120
Size: 121.96 kB - rubygems-3.2.33-165.el9_5.noarch.rpm
MD5: df7479165e9880d420c51673c067ac5a
SHA-256: 8f67e321aac5d7cdaeac88e584c5989839b372ae28381205110bdf179ccd2773
Size: 298.13 kB - rubygems-devel-3.2.33-165.el9_5.noarch.rpm
MD5: 9a053aa49a2a30f7e09d7eaa3f7cca11
SHA-256: c15091b5fcb4e6506addc41552b18d8a772893cc23d4641fc1cb1164738683bb
Size: 11.88 kB - rubygem-test-unit-3.3.7-165.el9_5.noarch.rpm
MD5: dd80cbe728523beaa6ab43023be449d4
SHA-256: 0a875ce8aff3f8ae3ee905f33f475acb22145ef05364121af2e37401c10420f0
Size: 144.58 kB - rubygem-typeprof-0.15.2-165.el9_5.noarch.rpm
MD5: dfbaf6f08ac2a9cade379c246c8db450
SHA-256: 44515a90b9315e8a2ace4e3e3224150befa1830df64eac16efe35b13625b4e24
Size: 605.07 kB - ruby-libs-3.0.7-165.el9_5.i686.rpm
MD5: 7db4daa860aa67bfad1fbcde9e42899d
SHA-256: 59b728108b06149191b9a13389ee4785c4f91777284e2de55ef6e36065e0b54c
Size: 3.35 MB - ruby-libs-3.0.7-165.el9_5.x86_64.rpm
MD5: 7338252f88bcb8dbfe3d660bd278d249
SHA-256: 785fd4804e55db73354c082b02e5c01aff8ffed9530e2cc8047bccfa862cc900
Size: 3.26 MB
English