ruby:3.3 security update
Errata ID: AXSA:2025-10474:01
Release date:
2025/07/15 Tuesday - 15:39
Title:
ruby:3.3 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
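- The response parser of Ruby's Net::IMAP client functionality does not limit the size of the data it can process, so a vulnerability exists that allows a remote attacker to cause a denial of service (memory exhaustion) by sending data crafted to be highly compressed. (CVE-2025-25186)
- The CGI::Cookie.parse() method of Ruby's CGI library does not limit the length of cookie values, so a vulnerability exists that allows a remote attacker to cause a denial of service (excessive resource exhaustion) through the processing of a crafted cookie value. (CVE-2025-27219)
- The URL-handling methods of Ruby's URI library have a flaw in how they clear data, so a vulnerability exists that allows a local attacker to cause information disclosure. (CVE-2025-27221)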
Modularity name: ruby
Stream name: 3.3
Solution:
Update the packages.
CVE:
CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.
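The unbounded expansion described for CVE-2025-25186, shown from the defensive side as an added example (this is not net-imap's code or its fix): a `uid-set` is kept as ranges, its expanded size is computed arithmetically, and an array is built only if that size is under a cap. The helper names, `UidSetTooLarge`, and the `MAX_EXPANDED` value are assumptions.

```ruby
# Added illustration; not net-imap's code. Names and the cap are assumptions.
MAX_EXPANDED = 10_000      # assumed application-level cap on expanded UIDs
UID_MAX      = 2**32 - 1   # IMAP UIDs are non-zero unsigned 32-bit values

class UidSetTooLarge < StandardError; end

# Parse "1,3:5,9" into sorted, merged Ranges without expanding anything.
def parse_uid_set(str)
  ranges = str.split(",", -1).map do |part|
    m = /\A(\d+)(?::(\d+))?\z/.match(part)
    raise ArgumentError, "bad uid-set element: #{part.inspect}" unless m
    lo, hi = [m[1].to_i, (m[2] || m[1]).to_i].minmax   # "5:3" means 3..5
    raise ArgumentError, "UID out of range" unless lo >= 1 && hi <= UID_MAX
    lo..hi
  end
  # Merge overlapping or adjacent ranges so each UID is counted once.
  ranges.sort_by(&:begin).each_with_object([]) do |r, merged|
    if merged.any? && r.begin <= merged.last.end + 1
      merged[-1] = merged.last.begin..[merged.last.end, r.end].max
    else
      merged << r
    end
  end
end

# Number of integers the set stands for, computed without allocating them.
def expanded_size(ranges)
  ranges.sum { |r| r.end - r.begin + 1 }
end

# Expand to an Array only after the size check passes.
def expand_uid_set(str, max: MAX_EXPANDED)
  ranges = parse_uid_set(str)
  count = expanded_size(ranges)
  raise UidSetTooLarge, "#{count} UIDs exceeds cap of #{max}" if count > max
  ranges.flat_map(&:to_a)
end
```

A few bytes of input such as a single full-width range describe billions of integers, which is why the size check has to run before `to_a` rather than after.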
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Additional information:
N/A
Download:
SRPMS
- rpm-local-generator-support-1-1.module+el8+1891+fe7a63d2.src.rpm
Size: 7.12 kB
- rubygem-abrt-0.4.0-1.module+el8+1891+fe7a63d2.src.rpm
Size: 16.60 kB
- rubygem-mysql2-0.5.5-1.module+el8+1891+fe7a63d2.src.rpm
Size: 124.06 kB
- rubygem-pg-1.5.4-1.module+el8+1891+fe7a63d2.ML.1.src.rpm
Size: 310.08 kB
- ruby-3.3.8-4.module+el8+1891+fe7a63d2.src.rpm
Size: 15.79 MB
Asianux Server 8 for x86_64
- ruby-3.3.8-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 88.32 kB
- ruby-3.3.8-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 88.26 kB
- ruby-bundled-gems-3.3.8-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 335.23 kB
- ruby-bundled-gems-3.3.8-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 334.92 kB
- ruby-debugsource-3.3.8-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 4.43 MB
- ruby-debugsource-3.3.8-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 4.68 MB
- ruby-default-gems-3.3.8-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 84.65 kB
- ruby-devel-3.3.8-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 365.44 kB
- ruby-devel-3.3.8-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 365.43 kB
- ruby-doc-3.3.8-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 4.84 MB
- rubygem-abrt-0.4.0-1.module+el8+1891+fe7a63d2.noarch.rpm
Size: 12.50 kB
- rubygem-abrt-doc-0.4.0-1.module+el8+1891+fe7a63d2.noarch.rpm
Size: 256.72 kB
- rubygem-bigdecimal-3.1.5-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 118.17 kB
- rubygem-bigdecimal-3.1.5-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 114.46 kB
- rubygem-bundler-2.5.22-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 480.68 kB
- rubygem-io-console-0.7.1-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 74.24 kB
- rubygem-io-console-0.7.1-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 72.62 kB
- rubygem-irb-1.13.1-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 150.52 kB
- rubygem-json-2.7.2-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 102.35 kB
- rubygem-json-2.7.2-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 100.80 kB
- rubygem-minitest-5.20.0-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 142.38 kB
- rubygem-mysql2-0.5.5-1.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 46.54 kB
- rubygem-mysql2-debugsource-0.5.5-1.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 39.60 kB
- rubygem-mysql2-doc-0.5.5-1.module+el8+1891+fe7a63d2.noarch.rpm
Size: 309.10 kB
- rubygem-pg-1.5.4-1.module+el8+1891+fe7a63d2.ML.1.x86_64.rpm
Size: 116.24 kB
- rubygem-pg-debugsource-1.5.4-1.module+el8+1891+fe7a63d2.ML.1.x86_64.rpm
Size: 105.02 kB
- rubygem-pg-doc-1.5.4-1.module+el8+1891+fe7a63d2.ML.1.noarch.rpm
Size: 630.28 kB
- rubygem-power_assert-2.0.3-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 71.26 kB
- rubygem-psych-5.1.2-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 100.88 kB
- rubygem-psych-5.1.2-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 99.58 kB
- rubygem-racc-1.7.3-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 123.92 kB
- rubygem-racc-1.7.3-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 123.47 kB
- rubygem-rake-13.1.0-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 140.38 kB
- rubygem-rbs-3.4.0-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 1.03 MB
- rubygem-rbs-3.4.0-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 1.02 MB
- rubygem-rdoc-6.6.3.1-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 520.19 kB
- rubygem-rexml-3.3.9-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 159.30 kB
- rubygem-rss-0.3.1-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 110.80 kB
- rubygems-3.5.22-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 440.12 kB
- rubygems-devel-3.5.22-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 63.00 kB
- rubygem-test-unit-3.6.1-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 149.88 kB
- rubygem-typeprof-0.21.9-4.module+el8+1891+fe7a63d2.noarch.rpm
Size: 127.60 kB
- ruby-libs-3.3.8-4.module+el8+1891+fe7a63d2.i686.rpm
Size: 3.71 MB
- ruby-libs-3.3.8-4.module+el8+1891+fe7a63d2.x86_64.rpm
Size: 4.02 MB