RLSA-2025:23063

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

resolv: Denial of Service in resolv gem (CVE-2025-24294)
rexml: REXML denial of service (CVE-2025-58767)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:9 / ruby

Package

Name: ruby
Purl: pkg:rpm/rocky-linux/ruby?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:3.3.10-5.module+el9.7.0+40039+300ba1ed

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:23063.json"

Rocky Linux:9 / rubygem-mysql2

Package

Name: rubygem-mysql2
Purl: pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:0.5.5-3.module+el9.7.0+40032+36e56d0d

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:23063.json"

Rocky Linux:9 / rubygem-pg

Package

Name: rubygem-pg
Purl: pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.5.4-1.module+el9.7.0+40032+36e56d0d.0.1

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:23063.json"