[CLSA-2026:1781272955] Fix CVE(s): CVE-2025-27219, CVE-2025-27220, CVE-2025-61594
Type:
security
Severity:
Important
Release date:
2026-06-12 14:04:46 UTC
Description:
* SECURITY UPDATE: cgi and uri vulnerabilities in the bundled gems - debian/patches/CVE-2025-27219.patch: CGI::Cookie.parse merged repeated cookie names with an allocating array `+`, giving O(n^2) work and a DoS on crafted Cookie headers; merge in place with concat instead. - debian/patches/CVE-2025-27220.patch: CGI::Util#escapeElement and #unescapeElement used a lazy-backtracking regex vulnerable to ReDoS; replace with possessive/atomic forms that also handle unclosed tags. - debian/patches/CVE-2025-61594.patch: URI::Generic#merge / + leaked the base URI's password when only the host changed (bypass of CVE-2025-27221); clear userinfo atomically via authority accessors. - CVE-2025-27219 - CVE-2025-27220 - CVE-2025-61594
CVEs fixed:
Updated packages:
  • alt-ruby30_3.0.7-174_amd64.deb
    sha:dd19a09c2879611196b3d3952debdeb365847374
  • alt-ruby30-default-gems_3.0.7-174_amd64.deb
    sha:b987b928824e4d2bad98df7bd919d3fb551cc35e
  • alt-ruby30-devel_3.0.7-174_amd64.deb
    sha:5bd383a78b166c534dc46370570c3eb240e6c422
  • alt-ruby30-doc_3.0.7-174_amd64.deb
    sha:d588ea3576664bfcf7777da5bd9edd0894745aa8
  • alt-ruby30-libs_3.0.7-174_amd64.deb
    sha:f632d83d98db95b8b55b78b4ced8a53115b5b109
  • alt-ruby30-rubygem-bigdecimal_3.0.0-174_amd64.deb
    sha:78da04c1f045217af46ddc96062f4aca36c6917d
  • alt-ruby30-rubygem-bundler_2.2.33-174_amd64.deb
    sha:fa99ede128deb067b85c1b3f38e06bacfed21e99
  • alt-ruby30-rubygem-io-console_0.5.7-174_amd64.deb
    sha:5966ee91c4c3d169d8ddd162e180636b5de7e982
  • alt-ruby30-rubygem-irb_1.3.5-174_amd64.deb
    sha:cf9dd16bc3708240ebf8e2ecbb8e349be2466f9c
  • alt-ruby30-rubygem-json_2.5.1-174_amd64.deb
    sha:dbb8484007d6d447f38ada30747aee35c821ef1c
  • alt-ruby30-rubygem-minitest_5.14.2-174_amd64.deb
    sha:2bc5a60a9aa0ef3b35fd3c652d8a681a2d648024
  • alt-ruby30-rubygem-power-assert_1.2.1-174_amd64.deb
    sha:93de03f6acafde162067a7572125ee9030b361bb
  • alt-ruby30-rubygem-psych_3.3.2-174_amd64.deb
    sha:141dcfc13b3ba5a702e2fc869977a97575a525a5
  • alt-ruby30-rubygem-rake_13.0.3-174_amd64.deb
    sha:ad2ad6ac804de3c1c45d7e96534f89594b6e2848
  • alt-ruby30-rubygem-rbs_1.4.0-174_amd64.deb
    sha:c99af8e135acc4dc428303f411819a1b346fd650
  • alt-ruby30-rubygem-rdoc_6.3.4.1-174_amd64.deb
    sha:1ad515ca25b5ec684123bdb0a1c8558dd8bdab61
  • alt-ruby30-rubygem-rexml_3.2.5-174_amd64.deb
    sha:4d39165db52c942457444195bd3c2dac2a75cd2c
  • alt-ruby30-rubygem-rss_0.2.9-174_amd64.deb
    sha:c529580f34040574a391e96e83193f08f20c3050
  • alt-ruby30-rubygem-test-unit_3.3.7-174_amd64.deb
    sha:0f7a3df1f393f03a3964f559d3df76af8cd3a49a
  • alt-ruby30-rubygem-typeprof_0.15.2-174_amd64.deb
    sha:ee93e7f653763d1ec9411182d537d06315fbcfb6
  • alt-ruby30-rubygems_3.2.33-174_amd64.deb
    sha:82c3692e16cdfe76d8258cc3726a18770fa9398a
  • alt-ruby30-rubygems-devel_3.2.33-174_amd64.deb
    sha:5538befe824db71e7485bb2a868d89e5eddc8d65
  • alt-ruby30_3.0.7-174_arm64.deb
    sha:9897ffcda97cb7beffa6db2af35799c31f3a3fc0
  • alt-ruby30-default-gems_3.0.7-174_arm64.deb
    sha:5526a2efd6ffbe81d5b718be14b980fbadaa76f0
  • alt-ruby30-devel_3.0.7-174_arm64.deb
    sha:92b4fa84a9d304584741a601d4e7e5b283b91919
  • alt-ruby30-doc_3.0.7-174_arm64.deb
    sha:410675060dabe9e85ec625b88097fc3656f68d2b
  • alt-ruby30-libs_3.0.7-174_arm64.deb
    sha:bc71b2c1850612c5d26498e6e5cb86596f6753f0
  • alt-ruby30-rubygem-bigdecimal_3.0.0-174_arm64.deb
    sha:72aa75a8cbc34267d072c31fe739a89834b41027
  • alt-ruby30-rubygem-bundler_2.2.33-174_arm64.deb
    sha:ac030f7f31e7b41236e8d8a1fb164e947fbe6571
  • alt-ruby30-rubygem-io-console_0.5.7-174_arm64.deb
    sha:73befefb10ae5b2bec340090337936b45facfd3b
  • alt-ruby30-rubygem-irb_1.3.5-174_arm64.deb
    sha:95b3404c51728bdf8a3b82c002675ef241f9f352
  • alt-ruby30-rubygem-json_2.5.1-174_arm64.deb
    sha:24c81c8b7f7b199f26fee7a85fb28719c3effa76
  • alt-ruby30-rubygem-minitest_5.14.2-174_arm64.deb
    sha:0a14e2046ac7c5a776d1b0ce063c7af17cc2ae0b
  • alt-ruby30-rubygem-power-assert_1.2.1-174_arm64.deb
    sha:45c22ca40aa905a28ae88a7e72fa1ec04ff4af26
  • alt-ruby30-rubygem-psych_3.3.2-174_arm64.deb
    sha:5eca083104b96cb1433df226b043b617b90359a5
  • alt-ruby30-rubygem-rake_13.0.3-174_arm64.deb
    sha:08e525a0b05d68b2fa0536bcbc6d7eef2f7f97aa
  • alt-ruby30-rubygem-rbs_1.4.0-174_arm64.deb
    sha:421cad7fd8b2c3acd7c2b1c950c5c8699c27dfe9
  • alt-ruby30-rubygem-rdoc_6.3.4.1-174_arm64.deb
    sha:962e97013956246f8bac1c6d7e5d53009a81dede
  • alt-ruby30-rubygem-rexml_3.2.5-174_arm64.deb
    sha:6190d146ca849ba7b6fc0204b3d0cd838ac48b84
  • alt-ruby30-rubygem-rss_0.2.9-174_arm64.deb
    sha:ac4b704ec9a1dffd7a5cf2d95ce761cff417d9c7
  • alt-ruby30-rubygem-test-unit_3.3.7-174_arm64.deb
    sha:ebccada873b1b255d4618c40056902150daa5622
  • alt-ruby30-rubygem-typeprof_0.15.2-174_arm64.deb
    sha:e1608e60c68af40648afa0526f8875034b7a1bfb
  • alt-ruby30-rubygems_3.2.33-174_arm64.deb
    sha:9ee3fe8e426dcc1ba0a8d266b028ea16eb561aa2
  • alt-ruby30-rubygems-devel_3.2.33-174_arm64.deb
    sha:49e1d1c7ff83028d0c7d97575d80a0edbc817330
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.