suse-su-2025:4264-1
Vulnerability from csaf_suse
Published
2025-11-26 15:52
Modified
2025-11-26 15:52
Summary
Security update for ruby2.5
Notes
Title of the patch
Security update for ruby2.5
Description of the patch
This update for ruby2.5 fixes the following issues:
- CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905)
- CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930)
- CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440)
- CVE-2025-24294: Fixed denial of service (DoS) caused by an insufficient check on the length
of a decompressed domain name within a DNS packet in resolv gem (bsc#1246430)
- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804)
- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806)
- CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805)
- CVE-2025-6442: Fixed ruby WEBrick read_header HTTP request smuggling vulnerability (bsc#1245254)
Patchnames
SUSE-2025-4264,SUSE-SLE-Module-Basesystem-15-SP7-2025-4264
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ruby2.5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ruby2.5 fixes the following issues:\n\n- CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905)\n- CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930)\n- CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440)\n- CVE-2025-24294: Fixed denial of service (DoS) caused by an insufficient check on the length \n of a decompressed domain name within a DNS packet in resolv gem (bsc#1246430)\n- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804)\n- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806)\n- CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805)\n- CVE-2025-6442: Fixed ruby WEBrick read_header HTTP request smuggling vulnerability (bsc#1245254)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4264,SUSE-SLE-Module-Basesystem-15-SP7-2025-4264",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4264-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4264-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254264-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4264-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023374.html"
},
{
"category": "self",
"summary": "SUSE Bug 1225905",
"url": "https://bugzilla.suse.com/1225905"
},
{
"category": "self",
"summary": "SUSE Bug 1230930",
"url": "https://bugzilla.suse.com/1230930"
},
{
"category": "self",
"summary": "SUSE Bug 1232440",
"url": "https://bugzilla.suse.com/1232440"
},
{
"category": "self",
"summary": "SUSE Bug 1235773",
"url": "https://bugzilla.suse.com/1235773"
},
{
"category": "self",
"summary": "SUSE Bug 1237804",
"url": "https://bugzilla.suse.com/1237804"
},
{
"category": "self",
"summary": "SUSE Bug 1237805",
"url": "https://bugzilla.suse.com/1237805"
},
{
"category": "self",
"summary": "SUSE Bug 1237806",
"url": "https://bugzilla.suse.com/1237806"
},
{
"category": "self",
"summary": "SUSE Bug 1245254",
"url": "https://bugzilla.suse.com/1245254"
},
{
"category": "self",
"summary": "SUSE Bug 1246430",
"url": "https://bugzilla.suse.com/1246430"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35221 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47220 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49761 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24294 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27219 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27221 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6442 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6442/"
}
],
"title": "Security update for ruby2.5",
"tracking": {
"current_release_date": "2025-11-26T15:52:44Z",
"generator": {
"date": "2025-11-26T15:52:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4264-1",
"initial_release_date": "2025-11-26T15:52:44Z",
"revision_history": [
{
"date": "2025-11-26T15:52:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"product": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"product_id": "libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.9-150700.24.3.1.aarch64",
"product": {
"name": "ruby2.5-2.5.9-150700.24.3.1.aarch64",
"product_id": "ruby2.5-2.5.9-150700.24.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"product": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"product_id": "ruby2.5-devel-2.5.9-150700.24.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"product": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"product_id": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.aarch64",
"product": {
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.aarch64",
"product_id": "ruby2.5-doc-2.5.9-150700.24.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"product": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"product_id": "ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.i586",
"product": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.i586",
"product_id": "libruby2_5-2_5-2.5.9-150700.24.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.9-150700.24.3.1.i586",
"product": {
"name": "ruby2.5-2.5.9-150700.24.3.1.i586",
"product_id": "ruby2.5-2.5.9-150700.24.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.i586",
"product": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.i586",
"product_id": "ruby2.5-devel-2.5.9-150700.24.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.i586",
"product": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.i586",
"product_id": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.i586",
"product": {
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.i586",
"product_id": "ruby2.5-doc-2.5.9-150700.24.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.i586",
"product": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.i586",
"product_id": "ruby2.5-stdlib-2.5.9-150700.24.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-doc-ri-2.5.9-150700.24.3.1.noarch",
"product": {
"name": "ruby2.5-doc-ri-2.5.9-150700.24.3.1.noarch",
"product_id": "ruby2.5-doc-ri-2.5.9-150700.24.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"product": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"product_id": "libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"product": {
"name": "ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"product_id": "ruby2.5-2.5.9-150700.24.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"product": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"product_id": "ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"product": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"product_id": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.ppc64le",
"product": {
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.ppc64le",
"product_id": "ruby2.5-doc-2.5.9-150700.24.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"product": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"product_id": "ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"product": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"product_id": "libruby2_5-2_5-2.5.9-150700.24.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.9-150700.24.3.1.s390x",
"product": {
"name": "ruby2.5-2.5.9-150700.24.3.1.s390x",
"product_id": "ruby2.5-2.5.9-150700.24.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"product": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"product_id": "ruby2.5-devel-2.5.9-150700.24.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"product": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"product_id": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.s390x",
"product": {
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.s390x",
"product_id": "ruby2.5-doc-2.5.9-150700.24.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"product": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"product_id": "ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"product": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"product_id": "libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.9-150700.24.3.1.x86_64",
"product": {
"name": "ruby2.5-2.5.9-150700.24.3.1.x86_64",
"product_id": "ruby2.5-2.5.9-150700.24.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"product": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"product_id": "ruby2.5-devel-2.5.9-150700.24.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"product": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"product_id": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.x86_64",
"product": {
"name": "ruby2.5-doc-2.5.9-150700.24.3.1.x86_64",
"product_id": "ruby2.5-doc-2.5.9-150700.24.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64",
"product": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64",
"product_id": "ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le"
},
"product_reference": "libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x"
},
"product_reference": "libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.9-150700.24.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64"
},
"product_reference": "ruby2.5-2.5.9-150700.24.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.9-150700.24.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le"
},
"product_reference": "ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.9-150700.24.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x"
},
"product_reference": "ruby2.5-2.5.9-150700.24.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.9-150700.24.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64"
},
"product_reference": "ruby2.5-2.5.9-150700.24.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le"
},
"product_reference": "ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x"
},
"product_reference": "ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.9-150700.24.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le"
},
"product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x"
},
"product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le"
},
"product_reference": "ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x"
},
"product_reference": "ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-35221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35221"
}
],
"notes": [
{
"category": "general",
"text": "Rubygems.org is the Ruby community\u0027s gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35221",
"url": "https://www.suse.com/security/cve/CVE-2024-35221"
},
{
"category": "external",
"summary": "SUSE Bug 1225905 for CVE-2024-35221",
"url": "https://bugzilla.suse.com/1225905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-35221"
},
{
"cve": "CVE-2024-47220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47220"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier\u0027s position is \"Webrick should not be used in production.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47220",
"url": "https://www.suse.com/security/cve/CVE-2024-47220"
},
{
"category": "external",
"summary": "SUSE Bug 1230930 for CVE-2024-47220",
"url": "https://bugzilla.suse.com/1230930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "important"
}
],
"title": "CVE-2024-47220"
},
{
"cve": "CVE-2024-49761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49761"
}
],
"notes": [
{
"category": "general",
"text": "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between \u0026# and x...; in a hex numeric character reference (\u0026#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49761",
"url": "https://www.suse.com/security/cve/CVE-2024-49761"
},
{
"category": "external",
"summary": "SUSE Bug 1232440 for CVE-2024-49761",
"url": "https://bugzilla.suse.com/1232440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-49761"
},
{
"cve": "CVE-2025-24294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24294"
}
],
"notes": [
{
"category": "general",
"text": "The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.\r\n\r\nAn attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.\r\n\r\nThis resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24294",
"url": "https://www.suse.com/security/cve/CVE-2025-24294"
},
{
"category": "external",
"summary": "SUSE Bug 1246430 for CVE-2025-24294",
"url": "https://bugzilla.suse.com/1246430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-24294"
},
{
"cve": "CVE-2025-27219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27219"
}
],
"notes": [
{
"category": "general",
"text": "In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27219",
"url": "https://www.suse.com/security/cve/CVE-2025-27219"
},
{
"category": "external",
"summary": "SUSE Bug 1237804 for CVE-2025-27219",
"url": "https://bugzilla.suse.com/1237804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-27219"
},
{
"cve": "CVE-2025-27220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27220"
}
],
"notes": [
{
"category": "general",
"text": "In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27220",
"url": "https://www.suse.com/security/cve/CVE-2025-27220"
},
{
"category": "external",
"summary": "SUSE Bug 1237806 for CVE-2025-27220",
"url": "https://bugzilla.suse.com/1237806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-27220"
},
{
"cve": "CVE-2025-27221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27221"
}
],
"notes": [
{
"category": "general",
"text": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27221",
"url": "https://www.suse.com/security/cve/CVE-2025-27221"
},
{
"category": "external",
"summary": "SUSE Bug 1237805 for CVE-2025-27221",
"url": "https://bugzilla.suse.com/1237805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-27221"
},
{
"cve": "CVE-2025-6442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6442"
}
],
"notes": [
{
"category": "general",
"text": "Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.\n\nThe specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6442",
"url": "https://www.suse.com/security/cve/CVE-2025-6442"
},
{
"category": "external",
"summary": "SUSE Bug 1245252 for CVE-2025-6442",
"url": "https://bugzilla.suse.com/1245252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libruby2_5-2_5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-devel-extra-2.5.9-150700.24.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:ruby2.5-stdlib-2.5.9-150700.24.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-6442"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…