Details
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
cookies. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2025-27219)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
regular expressions. A remote attacker could possibly use this issue to
consume resources, leading to a denial of service. (CVE-2025-27220)
It was discovered that the Ruby URI gem incorrectly handled certain URI
handling methods. A remote attacker could possibly use this issue to leak
authentication credentials. (CVE-2025-27221)
It was discovered that the Ruby REXML gem incorrectly handled parsing XML
documents containing many digits in a hex numeric character reference. A
remote attacker could use this issue to consume resources,...
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
cookies. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2025-27219)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
regular expressions. A remote attacker could possibly use this issue to
consume resources, leading to a denial of service. (CVE-2025-27220)
It was discovered that the Ruby URI gem incorrectly handled certain URI
handling methods. A remote attacker could possibly use this issue to leak
authentication credentials. (CVE-2025-27221)
It was discovered that the Ruby REXML gem incorrectly handled parsing XML
documents containing many digits in a hex numeric character reference. A
remote attacker could use this issue to consume resources, leading to a
denial of service. (CVE-2024-49761)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
18.04 bionic | libruby2.5 – 2.5.1-1ubuntu1.16+esm4 | ||
ruby2.5 – 2.5.1-1ubuntu1.16+esm4 | |||
16.04 xenial | libruby2.3 – 2.3.1-2~ubuntu16.04.16+esm10 | ||
ruby2.3 – 2.3.1-2~ubuntu16.04.16+esm10 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.