OESA-2025-1930

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1930

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1930.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1930

Upstream

CVE-2025-6442

Published

2025-08-01T13:02:57Z

Modified

2025-08-12T05:52:29.244974Z

Summary

ruby security update

Details

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).

Security Fix(es):

Webrick is an open source HTTP server toolkit for The Ruby Programming Language. Webrick has an environmental problem vulnerability, which originates from the inconsistent parsing of HTTP header terminators by the read_headers method, which may lead to an HTTP request entrainment attack.(CVE-2025-6442)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / ruby

Package

Name: ruby
Purl: pkg:rpm/openEuler/ruby&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.8-135.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "ruby-2.5.8-135.oe2003sp4.aarch64.rpm",
        "ruby-debuginfo-2.5.8-135.oe2003sp4.aarch64.rpm",
        "ruby-debugsource-2.5.8-135.oe2003sp4.aarch64.rpm",
        "ruby-devel-2.5.8-135.oe2003sp4.aarch64.rpm",
        "rubygem-bigdecimal-1.3.4-135.oe2003sp4.aarch64.rpm",
        "rubygem-io-console-0.4.6-135.oe2003sp4.aarch64.rpm",
        "rubygem-json-2.1.0-135.oe2003sp4.aarch64.rpm",
        "rubygem-openssl-2.1.2-135.oe2003sp4.aarch64.rpm",
        "rubygem-psych-3.0.2-135.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "ruby-2.5.8-135.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "ruby-help-2.5.8-135.oe2003sp4.noarch.rpm",
        "ruby-irb-2.5.8-135.oe2003sp4.noarch.rpm",
        "rubygem-did_you_mean-1.2.0-135.oe2003sp4.noarch.rpm",
        "rubygem-minitest-5.10.3-135.oe2003sp4.noarch.rpm",
        "rubygem-net-telnet-0.1.1-135.oe2003sp4.noarch.rpm",
        "rubygem-power_assert-1.1.1-135.oe2003sp4.noarch.rpm",
        "rubygem-rake-12.3.0-135.oe2003sp4.noarch.rpm",
        "rubygem-rdoc-6.0.1.1-135.oe2003sp4.noarch.rpm",
        "rubygem-test-unit-3.2.7-135.oe2003sp4.noarch.rpm",
        "rubygem-xmlrpc-0.3.0-135.oe2003sp4.noarch.rpm",
        "rubygems-2.7.6-135.oe2003sp4.noarch.rpm",
        "rubygems-devel-2.7.6-135.oe2003sp4.noarch.rpm"
    ],
    "x86_64": [
        "ruby-2.5.8-135.oe2003sp4.x86_64.rpm",
        "ruby-debuginfo-2.5.8-135.oe2003sp4.x86_64.rpm",
        "ruby-debugsource-2.5.8-135.oe2003sp4.x86_64.rpm",
        "ruby-devel-2.5.8-135.oe2003sp4.x86_64.rpm",
        "rubygem-bigdecimal-1.3.4-135.oe2003sp4.x86_64.rpm",
        "rubygem-io-console-0.4.6-135.oe2003sp4.x86_64.rpm",
        "rubygem-json-2.1.0-135.oe2003sp4.x86_64.rpm",
        "rubygem-openssl-2.1.2-135.oe2003sp4.x86_64.rpm",
        "rubygem-psych-3.0.2-135.oe2003sp4.x86_64.rpm"
    ]
}