[security - high] ruby:3.3 security update, ruby-3.3.10-6.module+el9+1151+cb92c6cc

エラータID: AXSA:2026-706:01

リリース日: 
2026/05/21 Thursday - 22:22
題名: 
[security - high] ruby:3.3 security update, ruby-3.3.10-6.module+el9+1151+cb92c6cc
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.

Modularity name:
Stream name:

解決策: 

Update packages.

CVE: 
CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rpm-local-generator-support-1-1.module+el9+1151+cb92c6cc.src.rpm
    MD5: 63be5e7b65a58b23ab03c2cde783f53d
    SHA-256: 0ff76e3c8bbf16dcd1a295fd1ce437016e3582db4f4f04792ee4d6b9a66cef07
    Size: 7.31 kB
  2. rubygem-mysql2-0.5.5-3.module+el9+1151+cb92c6cc.src.rpm
    MD5: 06e628e9926339d76d53f0a00b8b3731
    SHA-256: 2106aa03307099fb76b0c11dfd5acc1675123f384a1d77462ab30d52b51a48fb
    Size: 139.16 kB
  3. rubygem-pg-1.5.4-2.module+el9+1151+cb92c6cc.src.rpm
    MD5: 47a2acfcb2fd75ca73f7dd5fc761c17c
    SHA-256: 98f7028aa2bed35711b29fce69b06507936d1a9f10d49605977af74761f23da1
    Size: 306.74 kB
  4. ruby-3.3.10-6.module+el9+1151+cb92c6cc.src.rpm
    MD5: bec57fa3d74d5a964b93352ea9a9c013
    SHA-256: 9dfad85714c751530a1337155c37863908aa85836d97848aa76903b39604c66b
    Size: 15.77 MB

Asianux Server 9 for x86_64
  1. ruby-3.3.10-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: c92586f88368db99c94f8a6e8e406d36
    SHA-256: 1228ff6f9a31ee361c2018f145d42cd7f4fe2c443440f5196f77e2c8643cd035
    Size: 37.34 kB
  2. ruby-3.3.10-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 9ceba4c04775243f66eb4d72cc73b76b
    SHA-256: ccb8e30c33284cf1e05c13c572b330df9c3121de9dd326c29b0395f2976b4031
    Size: 37.30 kB
  3. ruby-bundled-gems-3.3.10-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: dfe561f53273615475bbf40538f5b705
    SHA-256: 357a52fc6716488d31997301f3f0506d1c0a03fc60df6980b9d62e7386aa1f6b
    Size: 298.35 kB
  4. ruby-bundled-gems-3.3.10-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 5f1e549cdcd46cbaa2ab338f7c96a349
    SHA-256: 5867582adc9c38021e1fd832a27e0fa1dca2c01a9bfdd502bf4a55e2d64053ca
    Size: 297.98 kB
  5. ruby-debugsource-3.3.10-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: b5b639451526b03f635edef9ffbeeb7f
    SHA-256: 47440231a1d9c36e0f15e90a251aefa2dcb6f96dc897d7e0acb9bc0110a0f46a
    Size: 3.91 MB
  6. ruby-debugsource-3.3.10-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 31023f96291c9e74241cb0d1103cb098
    SHA-256: 107de458cb82c118f41326b91d7b75d8631ec6d5f8f0217a744a7c0b91193713
    Size: 4.13 MB
  7. ruby-default-gems-3.3.10-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 4644dfabbc5013613786944b2a46f8e0
    SHA-256: 1be8f023475b13a5510cb1ba29cffff9b47ff814f294b1be5be71074e1679b44
    Size: 49.96 kB
  8. ruby-devel-3.3.10-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: 686cad07f6f39db8f7e21c4de03e57a1
    SHA-256: 87f928c8f97e9cc059338eb83d51e5566ec1935ca5496768b0099082be39fac3
    Size: 333.08 kB
  9. ruby-devel-3.3.10-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: fba440e652ae89ccd902cc9631c70ea0
    SHA-256: f991e1c20877b252e81e9a816088324900d589022c29d8d9861846cb5192c0f8
    Size: 333.46 kB
  10. ruby-doc-3.3.10-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 194ed6642a0a5f374e3ea8d0536d17ad
    SHA-256: 1d8e99d19f4ff86a57a5fe0010e811377c51dcc26af9ec99cd4bbe6f10a99a11
    Size: 7.80 MB
  11. rubygem-bigdecimal-3.1.5-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: 76b3dfadec2c62883c5a15e603c5cfe6
    SHA-256: 75662a94743e85a88a36b0dcc925fcef5c85d3cb4e354aabf2320ac1cc62ab90
    Size: 69.51 kB
  12. rubygem-bigdecimal-3.1.5-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 5332e128d672f5f7c2fea5c42b326ec2
    SHA-256: 4523ac4dd01dd77fb3d4f6049fe1f1c6de0d65d3af3154896917e1067d20c9f9
    Size: 64.77 kB
  13. rubygem-bundler-2.5.22-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 3675973168d18fcb4696d5a03336edac
    SHA-256: aa3a1a7debd2f1ec597132fc65d982f54167785d0bb39bb3efcb1c8c54bbf70c
    Size: 476.80 kB
  14. rubygem-io-console-0.7.1-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: 3d7e4f1e4fe84459878053116baee838
    SHA-256: 74795b0a4c6c12aa8ef1e11d72d9baf9c90c2f85bea45c9a026bac4315568a50
    Size: 23.71 kB
  15. rubygem-io-console-0.7.1-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 8b188ad4e1b229c6864a342ce16ee506
    SHA-256: b92423b9d3715cb8381ddd798ee43764a90504a491839d3edf1bba79ec17535d
    Size: 22.17 kB
  16. rubygem-irb-1.13.1-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 6921465871c6c80879ac96e2e94b3501
    SHA-256: 72ed6c8d2dc937a33bd2956b31d42336fd4af7b03abd1420a42dc5110a232b19
    Size: 103.63 kB
  17. rubygem-json-2.7.2-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: 6d905bbd32b09d519d1ed3d1d5ed10d1
    SHA-256: 68cdf1cc79266ea7430fdf5d94c24baefcc032de818f6d7f5bac9ffcce909227
    Size: 59.57 kB
  18. rubygem-json-2.7.2-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 3ff7e70273f934fa804d91ea34c77bf0
    SHA-256: a5edce44ce428baeb26ca074b15e7e7efcb773dd4646d034b32bb5943c8a32ec
    Size: 57.85 kB
  19. rubygem-minitest-5.20.0-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: d6ec10fc099f65a8545364749b591be4
    SHA-256: ea9cecafed5cd80220cc4ab4a0024c29689ea4d28a0faa5cfb193696f3e99b02
    Size: 94.78 kB
  20. rubygem-mysql2-0.5.5-3.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 64b9aff7c85a010b1131120d8a7634ef
    SHA-256: ac785cb695df6bcf852450d61956204aae0d9650bc3e5e1507f8ff3ae1cdc5e3
    Size: 49.64 kB
  21. rubygem-mysql2-debugsource-0.5.5-3.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 076dcc11996c5d58923f703b4944ac57
    SHA-256: 855615532b1fb8d446ff7003f38823202c76c05de77487c72c233a9ca48024e2
    Size: 35.63 kB
  22. rubygem-mysql2-doc-0.5.5-3.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 5127f5701dd38ce2f287b15c2e76c5d1
    SHA-256: 3c3b151d643885f776157a8fd1862c2dae17718f735269a2f7a5686c6d4da3d8
    Size: 347.27 kB
  23. rubygem-pg-1.5.4-2.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 01899ffe996f68c303181be83a1d95e1
    SHA-256: 077751044c88364d9926081a43b2ffaf8fdc30c588749970453de8ba2f2d1632
    Size: 124.59 kB
  24. rubygem-pg-debugsource-1.5.4-2.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 221d9eeb1af646141219fc96b96b6502
    SHA-256: 7ec8b5fe786e5a302a709faec1fc24650fd31a3c01370d690ceccaf3f111b92f
    Size: 101.33 kB
  25. rubygem-pg-doc-1.5.4-2.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: f8c8b13cfa89a6d1382ddd881c738421
    SHA-256: 78d23ba31502a440705565143ee516a07baad3c952286488911f5e908da541f5
    Size: 764.95 kB
  26. rubygem-power_assert-2.0.3-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 742d40ba4b6190bd1e4b973db011b53f
    SHA-256: 24e463b1f56f1111ffad307ac6a46e4fc118a7be58efbe3461f469eca47229ed
    Size: 24.94 kB
  27. rubygem-psych-5.1.2-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: cf14f51dda91a057915ef80a966a1fe3
    SHA-256: ebda0ce231af6b59ed99a26c38da90fe13903aa4ddb6675ef50cda20180110f8
    Size: 59.42 kB
  28. rubygem-psych-5.1.2-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 89c70f47b71ce92bcbee75a77ad078a0
    SHA-256: 6ed1b1b012dee5264415274329b4716fb5a46c52e89546bc52c68a5c12f96626
    Size: 58.45 kB
  29. rubygem-racc-1.7.3-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: d3f9bcd7468f1a960457e46febb2fe65
    SHA-256: 40af83ccc9cd36eabcee49887a0aa9d868d2c64e0861d07e44291c8af1e014fa
    Size: 80.12 kB
  30. rubygem-racc-1.7.3-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: fcb0aea11fe6a6f39ff48aac35761ab7
    SHA-256: 76aa23f334b09a3cd7b7e755523e4df94329f2b8b48a8cd99e41898f84bc3f32
    Size: 79.65 kB
  31. rubygem-rake-13.1.0-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: ab422ad7b75690a997d141aa89910ff0
    SHA-256: 8eb8b07e5a1b010e952ad8ca99e035202bb6e1dc9a9f1b2c0866e5f70ac1666e
    Size: 100.42 kB
  32. rubygem-rbs-3.4.0-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: f3955e883106dbd356dfa09147c1b4bb
    SHA-256: 02fe247dc6adc185f9ee8cdcea5850fcac6da5ec4d59b39fd9ae793e5c4e84cc
    Size: 0.98 MB
  33. rubygem-rbs-3.4.0-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 9df498a6674d85062bf5e5b562240f07
    SHA-256: b3b721cabbd2d5351fd69f211ca322c3ea1664eb47427ca3a532009c3575ac0a
    Size: 0.98 MB
  34. rubygem-rdoc-6.6.3.1-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: ba15aa1c27e4c53929db21e273863df2
    SHA-256: 613efb53c43a671e44c3bdc398984e284173455242965c7be099755f94121474
    Size: 501.77 kB
  35. rubygem-rexml-3.4.4-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 99755a750887d0a246918dc2bf216c61
    SHA-256: 0c6a80f3aab8ad9c32beff9a0f7b0e9847b817405ade577e2001ccafc76f00f0
    Size: 118.73 kB
  36. rubygem-rss-0.3.1-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: b6f777c57ae12519631965bee437c5d7
    SHA-256: d0ae7c501ff28e8727760cbdfd6e7af34271ca6a6fa89e73446413dcfb0a03c9
    Size: 67.88 kB
  37. rubygems-3.5.22-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: f6e331815a6b4e3f77ee08b8e731c978
    SHA-256: 8e6b0946361cce20ede1c1828df84bdc253b0532d54981e2caa35adf49ba279d
    Size: 411.49 kB
  38. rubygems-devel-3.5.22-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 81c038a5ab9777518e500324fdca3a90
    SHA-256: f4d523ba3a0eceb071f9cca3df03b1082ad1d30140c1c63ada548ae456c859eb
    Size: 12.30 kB
  39. rubygem-test-unit-3.6.1-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 7d4aa3aa3920e8bf0633c30d1044404a
    SHA-256: 3914b876910f4c1fe2e326e090bb963f7a91a5a8385b2dd70d0d21ee6769bf79
    Size: 109.79 kB
  40. rubygem-typeprof-0.21.9-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: d8d2b8f763889640da3840bd33c0ee00
    SHA-256: 084040d03309e0793a0319ad45c69d1b61f5e9df484fda35814014984e5050fb
    Size: 78.60 kB
  41. ruby-libs-3.3.10-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: d25167b77940f3549bc6e1646b2a3f41
    SHA-256: b389e179b99b0a76c4ff5b987f5249f1e2ebc3a0c6e02fc8cbd5be9f43db23e1
    Size: 3.68 MB
  42. ruby-libs-3.3.10-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 0d8e5809714830a57f7f2ca3c0b8ab09
    SHA-256: 334db976fd6b7355985f3bfa8b015e5f82de355974745cf36ed8df933a943949
    Size: 4.06 MB
  43. rubygem-rexml-3.4.4-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 99755a750887d0a246918dc2bf216c61
    SHA-256: 0c6a80f3aab8ad9c32beff9a0f7b0e9847b817405ade577e2001ccafc76f00f0
    Size: 118.73 kB
  44. rubygems-3.5.22-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: f6e331815a6b4e3f77ee08b8e731c978
    SHA-256: 8e6b0946361cce20ede1c1828df84bdc253b0532d54981e2caa35adf49ba279d
    Size: 411.49 kB
  45. rubygems-devel-3.5.22-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 81c038a5ab9777518e500324fdca3a90
    SHA-256: f4d523ba3a0eceb071f9cca3df03b1082ad1d30140c1c63ada548ae456c859eb
    Size: 12.30 kB
  46. rubygem-test-unit-3.6.1-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: 7d4aa3aa3920e8bf0633c30d1044404a
    SHA-256: 3914b876910f4c1fe2e326e090bb963f7a91a5a8385b2dd70d0d21ee6769bf79
    Size: 109.79 kB
  47. rubygem-typeprof-0.21.9-6.module+el9+1151+cb92c6cc.noarch.rpm
    MD5: d8d2b8f763889640da3840bd33c0ee00
    SHA-256: 084040d03309e0793a0319ad45c69d1b61f5e9df484fda35814014984e5050fb
    Size: 78.60 kB
  48. ruby-libs-3.3.10-6.module+el9+1151+cb92c6cc.i686.rpm
    MD5: d25167b77940f3549bc6e1646b2a3f41
    SHA-256: b389e179b99b0a76c4ff5b987f5249f1e2ebc3a0c6e02fc8cbd5be9f43db23e1
    Size: 3.68 MB
  49. ruby-libs-3.3.10-6.module+el9+1151+cb92c6cc.x86_64.rpm
    MD5: 0d8e5809714830a57f7f2ca3c0b8ab09
    SHA-256: 334db976fd6b7355985f3bfa8b015e5f82de355974745cf36ed8df933a943949
    Size: 4.06 MB