ruby:3.3 security update
Errata ID: AXSA:2025-9954:01
Release date:
2025/05/21 Wednesday - 16:15
Subject:
ruby:3.3 security update
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
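The following issues have been addressed.
[Security Fix]
- The response parser of the Net::IMAP client in Ruby places no limit on the size of the data it processes, so a remote attacker can cause a denial of service (memory exhaustion) by sending data crafted to be highly compressed. (CVE-2025-25186)
- The CGI::Cookie.parse() method in Ruby's CGI library does not limit the length of cookie values, so a remote attacker can cause a denial of service (excessive resource consumption) through the processing of a crafted cookie value. (CVE-2025-27219)
- The URL-handling methods in Ruby's URI library do not clear data properly, so a local attacker can cause an information disclosure. (CVE-2025-27221)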
Modularity name: ruby
Stream name: 3.3
Solution:
Update packages.
CVE:
CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.
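The size check that the `Range#to_a` expansion described above lacks, as an added example (not net-imap's code and not the fix shipped in the patched versions): the ranges are counted arithmetically and only expanded when the total is under a cap. The names `parse_uid_ranges`, `expanded_size`, `bounded_uids` and the `MAX_EXPANDED` value are assumptions made for this illustration.

```ruby
MAX_UID = 2**32 - 1      # largest value an IMAP UID can take (32-bit)
MAX_EXPANDED = 10_000    # assumed cap for this example; tune per application

class UidSetTooLarge < StandardError; end

# Parse "1:5,9,20:18" into Range objects without materializing any integers.
def parse_uid_ranges(str)
  raise ArgumentError, "empty uid-set" if str.empty?
  str.split(",", -1).map do |part|
    m = /\A([1-9]\d{0,9})(?::([1-9]\d{0,9}))?\z/.match(part)
    raise ArgumentError, "malformed uid-set element: #{part.inspect}" unless m
    lo = Integer(m[1], 10)
    hi = m[2] ? Integer(m[2], 10) : lo
    raise ArgumentError, "uid out of range: #{part}" if lo > MAX_UID || hi > MAX_UID
    lo, hi = hi, lo if lo > hi   # "20:18" means the same as "18:20"
    lo..hi
  end
end

# Size is computed arithmetically, so the cost depends on the length of the
# wire data, not on how many integers it stands for. Overlapping ranges are
# counted twice, which only makes the bound more conservative.
def expanded_size(ranges)
  ranges.sum { |r| r.end - r.begin + 1 }
end

# Expand only after the size check passes.
def bounded_uids(str, limit: MAX_EXPANDED)
  ranges = parse_uid_ranges(str)
  size = expanded_size(ranges)
  raise UidSetTooLarge, "#{size} uids exceeds limit #{limit}" if size > limit
  ranges.flat_map(&:to_a).uniq.sort
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs, not captured traffic.
  p bounded_uids("1:3,7,10:9")
  wire = "1:4294967295"
  puts "#{wire.bytesize} bytes on the wire stand for " \
       "#{expanded_size(parse_uid_ranges(wire))} uids"
end
```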
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Additional Info:
N/A
Download:
SRPMS
- rpm-local-generator-support-1-1.module+el9+1088+e9c57e4b.src.rpm (Size: 7.31 kB)
- rubygem-mysql2-0.5.5-1.module+el9+1088+e9c57e4b.ML.1.src.rpm (Size: 138.96 kB)
- rubygem-pg-1.5.4-1.module+el9+1088+e9c57e4b.ML.1.src.rpm (Size: 306.05 kB)
- ruby-3.3.8-4.module+el9+1088+e9c57e4b.src.rpm (Size: 15.75 MB)