Release date:
2026-06-10 13:28:57 UTC
Description:
* SECURITY UPDATE: rexml denial of service via multiple XML declarations
- debian/patches/CVE-2025-58767.patch: validate XML declarations in
bundled rexml-3.3.9 (require version, restrict to version/encoding/
standalone attributes, reject duplicates) and add Source#skip_spaces
fast path; backport of upstream rexml commit 5859bdea (PR #282).
- CVE-2025-58767
* SECURITY UPDATE: heap buffer overflow in Zlib::GzipReader#ungetc
- debian/patches/CVE-2026-27820.patch: make the gzip output buffer
expansion unconditional in zstream_buffer_ungets() so a large ungetc
payload cannot memmove/write past the allocation (ext/zlib/zlib.c),
plus regression test test_ungetc_buffer_underflow (test/zlib/test_zlib.rb).
- CVE-2026-27820
Updated packages:
-
alt-ruby31_3.1.7-10_amd64.deb
sha:57bee8a56a42917013595c7afa703423eca3eb2f
-
alt-ruby31-bundled-gems_3.1.7-10_amd64.deb
sha:0868295a3bc0db251e22426c0b7ccc87aeeeab74
-
alt-ruby31-default-gems_3.1.7-10_amd64.deb
sha:99d9f00e5bcf4dd1ce7ed89a1c08a1354473c966
-
alt-ruby31-devel_3.1.7-10_amd64.deb
sha:04828ff4ae1a833a14304c3ebd9ad5aaf54d366c
-
alt-ruby31-doc_3.1.7-10_amd64.deb
sha:b6bcb5b9468b07d4c018826738d706ba098c27fc
-
alt-ruby31-libs_3.1.7-10_amd64.deb
sha:a7a24fce167bbe5f73c94f13255a1cab8cee258f
-
alt-ruby31-rubygem-bigdecimal_3.1.1-10_amd64.deb
sha:658d8221bc815dc3f60795ff2b8e4eeb4779e338
-
alt-ruby31-rubygem-bundler_2.3.27-10_amd64.deb
sha:23a9edd64b0f43ea232012c86a5021cae484eb82
-
alt-ruby31-rubygem-io-console_0.5.11-10_amd64.deb
sha:14d6cd44c9a426c280897d4aa2fd2b2a327633a9
-
alt-ruby31-rubygem-irb_1.4.1-10_amd64.deb
sha:d046a068468d3ccba29a3dbe762babeeb121aea7
-
alt-ruby31-rubygem-json_2.6.1-10_amd64.deb
sha:e1849ba526a0f829cd98f82336607485557b1cb1
-
alt-ruby31-rubygem-minitest_5.15.0-10_amd64.deb
sha:745e0bbcada0842fd90660db4d8fd3546f05f1e7
-
alt-ruby31-rubygem-power-assert_2.0.1-10_amd64.deb
sha:27c841956bf307752cd1f7c03109ed33bd5bb752
-
alt-ruby31-rubygem-psych_4.0.4-10_amd64.deb
sha:e65a1fea609b017c3e15a4272896c7df3fc6bac8
-
alt-ruby31-rubygem-rake_13.0.6-10_amd64.deb
sha:d141d15142ebd57de86394f20f08f8a496b2a334
-
alt-ruby31-rubygem-rbs_2.7.0-10_amd64.deb
sha:e1bf26d950e19414f9d52d7cd88eb4dc8995cd27
-
alt-ruby31-rubygem-rdoc_6.4.1.1-10_amd64.deb
sha:23624f565a46ce76c14a196841cd6dcc2f24bf4a
-
alt-ruby31-rubygem-rexml_3.3.9-10_amd64.deb
sha:ebe0d3b3c8035c64ccfca62ecd500fcdcdb152d7
-
alt-ruby31-rubygem-rss_0.3.1-10_amd64.deb
sha:96d24c917f7f2101bcec95a5c7dfe03f725b7a22
-
alt-ruby31-rubygem-test-unit_3.5.3-10_amd64.deb
sha:58f89a91d7187d8f4d93446cebdeeb64caa43b32
-
alt-ruby31-rubygem-typeprof_0.21.3-10_amd64.deb
sha:42056244d503ca6a2b41ec3ea3ecc4927d642b92
-
alt-ruby31-rubygems_3.3.27-10_amd64.deb
sha:bec9f8c328af97babb09c64423403e6ae90b2ee0
-
alt-ruby31-rubygems-devel_3.3.27-10_amd64.deb
sha:6de046c26d2fffa09f49c497c42248ecde8ddef8
-
alt-ruby31_3.1.7-10_arm64.deb
sha:2b66e67a629e57e770c65de83797dcb943da72fc
-
alt-ruby31-bundled-gems_3.1.7-10_arm64.deb
sha:ff86606c0de75abbd463ce13aa292463e7e0c203
-
alt-ruby31-default-gems_3.1.7-10_arm64.deb
sha:a7999bc80ed9fcbeee57594911651c15460d0e2c
-
alt-ruby31-devel_3.1.7-10_arm64.deb
sha:57d1ca71128f3078a41d405658a23bbe5b201170
-
alt-ruby31-doc_3.1.7-10_arm64.deb
sha:79ed832d5082ebe60be0e93c72d283a0eac2eeb0
-
alt-ruby31-libs_3.1.7-10_arm64.deb
sha:675bde46db5d78e43e7bf2950aa806728adf62ba
-
alt-ruby31-rubygem-bigdecimal_3.1.1-10_arm64.deb
sha:0203e2bf40f0bda2722343ba6346724445427a31
-
alt-ruby31-rubygem-bundler_2.3.27-10_arm64.deb
sha:839312be4c059350b24cbeea7bbe388a67c252d7
-
alt-ruby31-rubygem-io-console_0.5.11-10_arm64.deb
sha:d948a4c69e44051864832f0257c0e93842737817
-
alt-ruby31-rubygem-irb_1.4.1-10_arm64.deb
sha:d9831a163c3e179f9ea869b28a24eeb2b7e4e442
-
alt-ruby31-rubygem-json_2.6.1-10_arm64.deb
sha:2a6a203497976d4ce9d8c622b1ffb63a3f065b5e
-
alt-ruby31-rubygem-minitest_5.15.0-10_arm64.deb
sha:d7a98d63be1025801fb8028733e4aeddeaf1ba7f
-
alt-ruby31-rubygem-power-assert_2.0.1-10_arm64.deb
sha:40792e8068e8843dd96061751d7294460711a19d
-
alt-ruby31-rubygem-psych_4.0.4-10_arm64.deb
sha:1602259e29d3a1f21e6d0a0af842cb2c1841a8e7
-
alt-ruby31-rubygem-rake_13.0.6-10_arm64.deb
sha:b9ab240b8b644e62545208563aec129967cd76e4
-
alt-ruby31-rubygem-rbs_2.7.0-10_arm64.deb
sha:5630ebd6aeb54c522ab8b518068a1eae35106076
-
alt-ruby31-rubygem-rdoc_6.4.1.1-10_arm64.deb
sha:bf942e534ff3efebaf00a3b1d3bf6586c21fde71
-
alt-ruby31-rubygem-rexml_3.3.9-10_arm64.deb
sha:dda17225a9e21c0a7d7cab29a2e8734f882fbdc2
-
alt-ruby31-rubygem-rss_0.3.1-10_arm64.deb
sha:cf2ae8e6fb1b7ccb1e024d95c4231f075d15df25
-
alt-ruby31-rubygem-test-unit_3.5.3-10_arm64.deb
sha:e46b2de117377d3cd23faab420ff89d6ef5d44ef
-
alt-ruby31-rubygem-typeprof_0.21.3-10_arm64.deb
sha:ad28cb4d6d24aabbccf1cd474a15368fbe19c5bb
-
alt-ruby31-rubygems_3.3.27-10_arm64.deb
sha:cd5740db483d1411375c505f011c58204c95f6cc
-
alt-ruby31-rubygems-devel_3.3.27-10_arm64.deb
sha:c31baf259ca409a5c778ba5052e723f3855ee597
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
