ruby:3.1 security update

エラータID: AXSA:2025-9941:01

リリース日: 
2025/05/16 Friday - 21:41
題名: 
ruby:3.1 security update
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- REXML には、リモートの攻撃者により、`<`、`0`、`%>` などの特定
の文字を含むように細工された XML 形式のデータの解析を介して、
サービス拒否攻撃 (リソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2024-39908)

- REXML には、空白文字、'>]'、']>' などの特定の文字を多く含む
XML 形式のデータの解析処理に問題があるため、リモートの攻撃者に
より、細工された XML 形式のデータの処理を介して、サービス拒否
攻撃を可能とする脆弱性が存在します。(CVE-2024-41123)

- REXML には、SAX2 もしくはプルパーサー API を用い XML 形式の
データの解析処理に問題があるため、ローカルの攻撃者により、多数の
エンティティ拡張を含むように細工された XML 形式のデータの解析を
介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-41946)

- REXML には、リモートの攻撃者により、同じローカル名属性を持つ
多数の要素を含むように細工された XML 形式のデータの解析を介して、
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2024-43398)

- Ruby の CGI ライブラリの CGI::Cookie.parse() メソッドには、
Cookie 値の長さを制限していない問題があるため、リモートの攻撃者に
より、細工された Cookie 値の処理を介して、サービス拒否攻撃 (過剰な
リソースの枯渇) を可能とする脆弱性が存在します。(CVE-2025-27219)

- Ruby の CGI ライブラリの Util#escapeElement() メソッドには、
リモートの攻撃者により、細工された正規表現の処理を介して、正規表現
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-27220)

- Ruby の URI ライブラリの URL を扱うメソッドには、データの消去
処理に不備があるため、ローカルの攻撃者により、情報の漏洩を可能と
する脆弱性が存在します。(CVE-2025-27221)

Modularity name: ruby
Stream name: 3.1

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rubygem-mysql2-0.5.4-1.module+el9+1084+62f08099.ML.1.src.rpm
    MD5: caca4130f37dc3697ac9574fe694c710
    SHA-256: 52944af7c0679516e197dc84ecc60b3cefeeac718c560a5bb932743d29bc93dd
    Size: 113.20 kB
  2. rubygem-pg-1.3.5-1.module+el9+1084+62f08099.ML.1.src.rpm
    MD5: 5b027ca20537801fb65ae6bb68b36d51
    SHA-256: 2b144eee8fbbc2f8e6e157fec0bd104b552290d038ab713c1e30cc0c91a6132b
    Size: 263.25 kB
  3. ruby-3.1.7-146.module+el9+1084+62f08099.src.rpm
    MD5: 514d3fe2e4faae960fdeaedd5ca19fda
    SHA-256: 61bc4ae03f49570853d3d30acd516cec7e53c1d987504fecc53dfb38d10f05df
    Size: 14.59 MB

Asianux Server 9 for x86_64
  1. ruby-3.1.7-146.module+el9+1084+62f08099.i686.rpm
    MD5: 74c34fc2adba2329e81bd5aadffad9eb
    SHA-256: 3d66a1de8511be350da7376cc0a73f59c2678db069ff2017b0eb25ed327266b1
    Size: 38.58 kB
  2. ruby-3.1.7-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: 51a76eb439901d0594e6d9173f604af1
    SHA-256: 01ff48076d736f2ceaa0de1760d63eb77324dfa09357961780e7b92872c79022
    Size: 38.45 kB
  3. ruby-bundled-gems-3.1.7-146.module+el9+1084+62f08099.i686.rpm
    MD5: b53048eaa4e9897a298c733a9e2bf4d7
    SHA-256: abe53e139420a160c44b30ffd357b38f6401d0e828b24b858885347a7e61a20d
    Size: 182.66 kB
  4. ruby-bundled-gems-3.1.7-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: f7c6af3cf63d8a2244ec688175da2692
    SHA-256: bc4111dde28d0ca83c6f18c9b41598ee95d2d7655b3681762ef8da6e1475b1c6
    Size: 182.29 kB
  5. ruby-debugsource-3.1.7-146.module+el9+1084+62f08099.i686.rpm
    MD5: 81b4d451aa336214ea0ae0f4e134f279
    SHA-256: d2cf034a4fcc930c8f767f0e0f891783513a5744bc077b386abc3c9d65e8ede8
    Size: 3.65 MB
  6. ruby-debugsource-3.1.7-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: 421c0a772a929cc46e7e43769d2eac51
    SHA-256: daa05b4eedb81a73e8b5c474a96619931166b5432677a945a97b4b4891b68964
    Size: 3.72 MB
  7. ruby-default-gems-3.1.7-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 04d4bd56e3866d11883749ab061af7c2
    SHA-256: b78959a26030dff65bed37defdd67e2b2b2858f841066c9e36e7a87883eb2a9e
    Size: 42.92 kB
  8. ruby-devel-3.1.7-146.module+el9+1084+62f08099.i686.rpm
    MD5: 2e9cef2a8d28ee5dc7629ee518526224
    SHA-256: 8e7fdba7018dce3b3f85b1168fa8da246f1383d8cb5837281ed39fd3b9e8293f
    Size: 459.94 kB
  9. ruby-devel-3.1.7-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: 1f27d548736c332147292ad1f5b4c40a
    SHA-256: be94c134a7397c2f9d39b8c4de90a29b2810d07f0e76534e82d7666a851ee5ca
    Size: 459.97 kB
  10. ruby-doc-3.1.7-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 28cd93d45b0c1189ccc28c12bdd0b08d
    SHA-256: 3798583b443703a9b68a212b5cc5de3b1ccf6384a84e832d6c6840f4f6318c72
    Size: 7.53 MB
  11. rubygem-bigdecimal-3.1.1-146.module+el9+1084+62f08099.i686.rpm
    MD5: 0006cf8a6789a09860d15758fdf67ff8
    SHA-256: 1ffec750e6ca2b7cdf95a0e8136b00d6e961828059295e1a7a157437b0b4a508
    Size: 70.46 kB
  12. rubygem-bigdecimal-3.1.1-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: d7e5009259fbfada31d5f730aa6f4d60
    SHA-256: 7222621fabafbf1874d748af9a50ebfa6851f99c7364d1dfcae1fd0ca7eab74d
    Size: 66.07 kB
  13. rubygem-bundler-2.3.27-146.module+el9+1084+62f08099.noarch.rpm
    MD5: bc963347e3933abde3cc79a2267a4107
    SHA-256: 2fde497a9384aeba6c5bfc564c0f80e8b3a571ac82205917864c43955ea6c60b
    Size: 452.75 kB
  14. rubygem-io-console-0.5.11-146.module+el9+1084+62f08099.i686.rpm
    MD5: cc22f28e31afca0d2102b92bbd1ec6cd
    SHA-256: 77c7c306bb27ede8cf75798fca4f6627dbbedbc8bcd9c48c5816506c8422c1ac
    Size: 23.97 kB
  15. rubygem-io-console-0.5.11-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: 7a158a2aa1f70edfc3519faa1ee1f1cc
    SHA-256: 72b4c576a4e97622fb2b5e255d8d5bf5158d3dbb4dc2b488eff43c0bf9a02bc1
    Size: 22.20 kB
  16. rubygem-irb-1.4.1-146.module+el9+1084+62f08099.noarch.rpm
    MD5: d4dc67aa5b2c435d5a540fb8d52e7259
    SHA-256: 3e83cca5de12c38449e7fb9421fb39a8b0b9996b0c4059cfcb733733d5319a01
    Size: 79.41 kB
  17. rubygem-json-2.6.1-146.module+el9+1084+62f08099.i686.rpm
    MD5: f08098b8224ff3ccd8e3c692050afe99
    SHA-256: 0668321cb6c5170f74a9f88e57df4257375439515ed737bc5fd646a32dfa925d
    Size: 58.92 kB
  18. rubygem-json-2.6.1-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: 1fb95e3ae1685dce2d77f8c4cecf386c
    SHA-256: 84dc647ab638d388dc5566fbf6a5c9a3958c0cb5bf0d5b068bc4dfd57bc28fe0
    Size: 57.09 kB
  19. rubygem-minitest-5.15.0-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 83cb47e27cf6e387447248ff514bc7d0
    SHA-256: 100001931cb1ebc0e67dcf9f23e0e4eb5e8ca0347a1c68d9f021424ba5abcbbc
    Size: 86.61 kB
  20. rubygem-mysql2-0.5.4-1.module+el9+1084+62f08099.ML.1.x86_64.rpm
    MD5: aaa61b2b8aeba909b276263165bad968
    SHA-256: a8e9e25ea6ae1143d4c1e40163dfde1121313d73f4bad821617022e03e41c8e8
    Size: 51.43 kB
  21. rubygem-mysql2-debugsource-0.5.4-1.module+el9+1084+62f08099.ML.1.x86_64.rpm
    MD5: c2f9ac2d1a5d5700637b752f30cc2d67
    SHA-256: 3b6983e0e67fadabb3230679e8abb2c86883ec75d0566ed7ed758b3b3ae919b5
    Size: 34.91 kB
  22. rubygem-mysql2-doc-0.5.4-1.module+el9+1084+62f08099.ML.1.noarch.rpm
    MD5: c6ed41ebfe4374e18cbfe6c77c332f87
    SHA-256: 228eb6ecc355c37fa0912598132ae794a10e3d254b9192d4afb02a786d217db6
    Size: 346.79 kB
  23. rubygem-pg-1.3.5-1.module+el9+1084+62f08099.ML.1.x86_64.rpm
    MD5: 5eb7cadbf9f20ca12e77bdbb4aa94bd2
    SHA-256: 04c11c4a82d57579b6b61c9c031d8539fd240c7c547f4d9100145428db026eab
    Size: 116.87 kB
  24. rubygem-pg-debugsource-1.3.5-1.module+el9+1084+62f08099.ML.1.x86_64.rpm
    MD5: 257ba060f505adcb867e103a182c131b
    SHA-256: 0072bc40fe42cc1d4241d8e2547065264a3edacea82865f5d150c439abf1ff70
    Size: 97.57 kB
  25. rubygem-pg-doc-1.3.5-1.module+el9+1084+62f08099.ML.1.noarch.rpm
    MD5: c28fcffeaafe2dd13148b720c74d4c3b
    SHA-256: 6b3d1dc99092dbc2a7a67caa6dfd1b208bc4cf4ee91d37ec289680b41c7d2bf3
    Size: 710.01 kB
  26. rubygem-power_assert-2.0.1-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 17587139a523e037c338381478edc053
    SHA-256: 078fd46999c6550a6c991a0ba19496c02f9bd75dccb869fa9e3c49cfbfa3590d
    Size: 24.50 kB
  27. rubygem-psych-4.0.4-146.module+el9+1084+62f08099.i686.rpm
    MD5: 8a8947376c8866f7b606b5bae2edc7f3
    SHA-256: d338a525f4c828351c8ce553d41442962695d8d3d8c39493c7a92e5b64dd4ea9
    Size: 59.50 kB
  28. rubygem-psych-4.0.4-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: 5b4edb6df3f73a725081bf048f50e590
    SHA-256: a8d886414a94b46a54628aec7c2f9ba71585f9e84ad0b25a5f31f351e5e0eab4
    Size: 58.35 kB
  29. rubygem-rake-13.0.6-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 014102217222f854b2906e0c0b963c9b
    SHA-256: 657fcaa18cbf1b32b8e2e7f30b1317c90a9ba8474b66020c11aa0b49cabf368c
    Size: 100.02 kB
  30. rubygem-rbs-2.7.0-146.module+el9+1084+62f08099.i686.rpm
    MD5: 5a88821d87fabc693c82c71514c01011
    SHA-256: 0684ee99a5b16080fc1e0b143d48fd3d27c6a6bfaf7c40ac9675dfa274d1e61a
    Size: 859.68 kB
  31. rubygem-rbs-2.7.0-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: c86d59c033d5c7f85c1613ccf5369e51
    SHA-256: cc191b77d6f09ce10a728631046d8943bda813b486d50ee9b7057f4be5205179
    Size: 855.36 kB
  32. rubygem-rdoc-6.4.1.1-146.module+el9+1084+62f08099.noarch.rpm
    MD5: fd3f16015e38e6724c71db2f7afad6e6
    SHA-256: 693fb4a456b0c91c528b9bf6d0a905178eedc0abf94d0825f9502ed1ba051623
    Size: 498.42 kB
  33. rubygem-rexml-3.3.9-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 00fd84d18f1da5a22ccd8d3a5fca9478
    SHA-256: a984035f256604f9e9e07e15ef1609725640cd13931d260efd05149f786e5655
    Size: 116.74 kB
  34. rubygem-rss-0.3.1-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 4bf207cd6ababb2be68cf658108d1cb5
    SHA-256: afade0d76cc8ba6c9ba10d52c1e09e840af5694b64f586759fd31de3fc64b8cc
    Size: 67.20 kB
  35. rubygems-3.3.27-146.module+el9+1084+62f08099.noarch.rpm
    MD5: febeb0ba9160f99506fb008688e58b93
    SHA-256: 50c5481b4e33675fb26ec50d9d97d2f663c1e552c2f90763658c493b3e63dc85
    Size: 294.07 kB
  36. rubygems-devel-3.3.27-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 31884aeb9206fd9e1bc5be45d28c04df
    SHA-256: 6ea47dcfce9e8d53a3a2855aa67fe0a747fe50537bf29157476f869678ce0c20
    Size: 11.80 kB
  37. rubygem-test-unit-3.5.3-146.module+el9+1084+62f08099.noarch.rpm
    MD5: b164b3587b8c7e72af407790bfdae6be
    SHA-256: 41dc4046f11fbfe538e456529e26270e1281804df99d5e81f1352f2f3d8ac0c4
    Size: 107.21 kB
  38. rubygem-typeprof-0.21.3-146.module+el9+1084+62f08099.noarch.rpm
    MD5: 3f37be5ebb319b70337d0654892c730e
    SHA-256: 268fdda12d06e7ead585cfcc08905f18f1aae8c4b8ecceb3d9ddd6791a6679cc
    Size: 77.45 kB
  39. ruby-libs-3.1.7-146.module+el9+1084+62f08099.i686.rpm
    MD5: e21b360d16ebe5324ba8609c54ca6683
    SHA-256: 84ca41a518063f8daefd35731edc445f4dda7ede20e1da0f783d43485932ecef
    Size: 3.34 MB
  40. ruby-libs-3.1.7-146.module+el9+1084+62f08099.x86_64.rpm
    MD5: de394107ae881419c7c9e5982cb46cb3
    SHA-256: 59266021feeada0f47b09c3096ae47293e08958ccd268568e4ab022a62442313
    Size: 3.30 MB