[security - medium] ruby:3.1 security update, ruby-3.1.7-145.module+el8+1862+fe5b7941

Errata ID: AXSA:2025-9940:01

Release date: 
2025/05/16 Friday - 19:08
Title: 
[security - medium] ruby:3.1 security update, ruby-3.1.7-145.module+el8+1862+fe5b7941
Affected channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rexml: DoS vulnerability in REXML (CVE-2024-39908)
* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
* rexml: DoS vulnerability in REXML (CVE-2024-41946)
* rexml: DoS vulnerability in REXML (CVE-2024-43398)
* CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)
* CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)
* uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.
CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have the same local name attributes. If you need to parse untrusted XMLs with a tree parser API like REXML::Document.new, you may be impacted by this vulnerability. If you use other parser APIs such as the stream parser API and the SAX2 parser API, you are not affected by this vulnerability. The REXML gem 3.3.6 or later includes the patch to fix the vulnerability.
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
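
Added example (not part of this advisory or of the uri gem): a wrapper for the CVE-2025-27221 case that merges a reference onto a base URI and lets the base's userinfo survive only when scheme, host and port are unchanged, plus a self-check of the installed library. The function names, the example.test hosts and the network-path references used as input are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helper (not a uri gem API): merge `reference` onto `base`, but
# let credentials from `base` survive only if scheme, host and port are unchanged.
def join_without_credential_carryover(base, reference)
  base_uri = URI(base)
  ref_uri  = URI(reference)
  result   = base_uri.merge(ref_uri)

  origin = ->(u) { [u.scheme, u.host, u.port] }
  if origin.(result) != origin.(base_uri) && result.userinfo != ref_uri.userinfo
    # The target changed: keep only what the reference itself supplied.
    result.password = nil
    result.user     = ref_uri.user
    result.password = ref_uri.password if ref_uri.password
  end
  result
end

# Self-check for the installed uri library: true means URI#merge still keeps
# userinfo when the reference changes the host (the behaviour described above).
def uri_retains_userinfo_on_host_change?
  merged = URI("http://probe-user:probe-pass@a.example.test/").merge("//b.example.test/")
  !merged.userinfo.nil?
end

if __FILE__ == $PROGRAM_NAME
  base = "https://user:secret@app.example.test/api/" # constructed sample
  ["v2/items", "//cdn.example.test/asset.js", "//bot:tok@cdn.example.test/x"].each do |ref|
    puts "#{ref.ljust(32)} -> #{join_without_credential_carryover(base, ref)}"
  end
  puts "installed uri retains userinfo on host change: #{uri_retains_userinfo_on_host_change?}"
end
```

The wrapper gives the same result on patched and unpatched uri versions, so it can stay in place as a guard after the update.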

Modularity name: "ruby"
Stream name: "3.1"

Solution: 

Update packages.

Additional information: 

N/A

Download: 

SRPMS
  1. rubygem-abrt-0.4.0-1.module+el8+1862+fe5b7941.src.rpm
    Size: 16.60 kB
  2. rubygem-mysql2-0.5.3-3.module+el8+1862+fe5b7941.src.rpm
    Size: 112.27 kB
  3. rubygem-pg-1.3.2-1.module+el8+1862+fe5b7941.ML.1.src.rpm
    Size: 263.39 kB
  4. ruby-3.1.7-145.module+el8+1862+fe5b7941.src.rpm
    Size: 14.61 MB

Asianux Server 8 for x86_64
  1. ruby-3.1.7-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 89.38 kB
  2. ruby-3.1.7-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 89.31 kB
  3. ruby-bundled-gems-3.1.7-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 224.42 kB
  4. ruby-bundled-gems-3.1.7-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 223.99 kB
  5. ruby-debugsource-3.1.7-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 4.40 MB
  6. ruby-debugsource-3.1.7-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 4.48 MB
  7. ruby-default-gems-3.1.7-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 78.80 kB
  8. ruby-devel-3.1.7-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 512.08 kB
  9. ruby-devel-3.1.7-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 512.05 kB
  10. ruby-doc-3.1.7-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 5.54 MB
  11. rubygem-abrt-0.4.0-1.module+el8+1862+fe5b7941.noarch.rpm
    Size: 12.54 kB
  12. rubygem-abrt-doc-0.4.0-1.module+el8+1862+fe5b7941.noarch.rpm
    Size: 256.31 kB
  13. rubygem-bigdecimal-3.1.1-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 118.20 kB
  14. rubygem-bigdecimal-3.1.1-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 114.22 kB
  15. rubygem-bundler-2.3.27-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 458.19 kB
  16. rubygem-io-console-0.5.11-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 74.05 kB
  17. rubygem-io-console-0.5.11-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 72.54 kB
  18. rubygem-irb-1.4.1-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 126.98 kB
  19. rubygem-json-2.6.1-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 101.19 kB
  20. rubygem-json-2.6.1-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 100.00 kB
  21. rubygem-minitest-5.15.0-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 134.06 kB
  22. rubygem-mysql2-0.5.3-3.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 45.10 kB
  23. rubygem-mysql2-debugsource-0.5.3-3.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 37.12 kB
  24. rubygem-mysql2-doc-0.5.3-3.module+el8+1862+fe5b7941.noarch.rpm
    Size: 305.54 kB
  25. rubygem-pg-1.3.2-1.module+el8+1862+fe5b7941.ML.1.x86_64.rpm
    Size: 109.82 kB
  26. rubygem-pg-debugsource-1.3.2-1.module+el8+1862+fe5b7941.ML.1.x86_64.rpm
    Size: 100.27 kB
  27. rubygem-pg-doc-1.3.2-1.module+el8+1862+fe5b7941.ML.1.noarch.rpm
    Size: 570.88 kB
  28. rubygem-power_assert-2.0.1-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 70.92 kB
  29. rubygem-psych-4.0.4-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 100.75 kB
  30. rubygem-psych-4.0.4-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 99.44 kB
  31. rubygem-rake-13.0.6-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 140.03 kB
  32. rubygem-rbs-2.7.0-145.module+el8+1862+fe5b7941.i686.rpm
    Size: 910.20 kB
  33. rubygem-rbs-2.7.0-145.module+el8+1862+fe5b7941.x86_64.rpm
    Size: 906.00 kB
  34. rubygem-rdoc-6.4.1.1-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 518.35 kB
  35. rubygem-rexml-3.3.9-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 158.49 kB
  36. rubygem-rss-0.3.1-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 110.19 kB
  37. rubygems-3.3.27-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 323.79 kB
  38. rubygems-devel-3.3.27-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 62.60 kB
  39. rubygem-test-unit-3.5.3-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 147.40 kB
  40. rubygem-typeprof-0.21.3-145.module+el8+1862+fe5b7941.noarch.rpm
    Size: 126.46 kB