ALAS-2025-839


Amazon Linux 2023 Security Advisory: ALAS-2025-839
Advisory Release Date: 2025-01-30 03:53 Pacific
Advisory Updated Date: 2025-02-05 11:08 Pacific
Severity: Medium

Issue Overview:

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. (CVE-2023-36617)


Affected Packages:

ruby3.2


Issue Correction:
Run dnf update ruby3.2 --releasever 2023.6.20250203 to update your system.

New Packages:
aarch64:
    ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-io-console-debuginfo-0.6.0-180.amzn2023.0.5.aarch64
    ruby3.2-debuginfo-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-debugsource-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-io-console-0.6.0-180.amzn2023.0.5.aarch64
    ruby3.2-libs-debuginfo-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-devel-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-bigdecimal-3.1.3-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-psych-debuginfo-5.0.1-180.amzn2023.0.5.aarch64
    ruby3.2-bundled-gems-debuginfo-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-rbs-debuginfo-2.8.2-180.amzn2023.0.5.aarch64
    ruby3.2-bundled-gems-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-json-2.6.3-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-rbs-2.8.2-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-psych-5.0.1-180.amzn2023.0.5.aarch64
    ruby3.2-rubygem-json-debuginfo-2.6.3-180.amzn2023.0.5.aarch64
    ruby3.2-libs-3.2.2-180.amzn2023.0.5.aarch64
    ruby3.2-3.2.2-180.amzn2023.0.5.aarch64

noarch:
    ruby3.2-rubygem-rdoc-6.5.0-180.amzn2023.0.5.noarch
    ruby3.2-rubygems-3.4.10-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-minitest-5.16.3-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-test-unit-3.5.7-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-rss-0.2.9-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-irb-1.6.2-180.amzn2023.0.5.noarch
    ruby3.2-rubygems-devel-3.4.10-180.amzn2023.0.5.noarch
    ruby3.2-default-gems-3.2.2-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-power_assert-2.0.3-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-rexml-3.2.5-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-typeprof-0.21.3-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-bundler-2.4.10-180.amzn2023.0.5.noarch
    ruby3.2-rubygem-rake-13.0.6-180.amzn2023.0.5.noarch
    ruby3.2-doc-3.2.2-180.amzn2023.0.5.noarch

src:
    ruby3.2-3.2.2-180.amzn2023.0.5.src

x86_64:
    ruby3.2-rubygem-io-console-debuginfo-0.6.0-180.amzn2023.0.5.x86_64
    ruby3.2-devel-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-bigdecimal-3.1.3-180.amzn2023.0.5.x86_64
    ruby3.2-bundled-gems-debuginfo-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-debugsource-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-rbs-debuginfo-2.8.2-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-json-debuginfo-2.6.3-180.amzn2023.0.5.x86_64
    ruby3.2-libs-debuginfo-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-debuginfo-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-psych-debuginfo-5.0.1-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-psych-5.0.1-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-json-2.6.3-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-rbs-2.8.2-180.amzn2023.0.5.x86_64
    ruby3.2-rubygem-io-console-0.6.0-180.amzn2023.0.5.x86_64
    ruby3.2-libs-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-3.2.2-180.amzn2023.0.5.x86_64
    ruby3.2-bundled-gems-3.2.2-180.amzn2023.0.5.x86_64
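
To confirm the update took effect, the following check compares installed builds against the 3.2.2-180.amzn2023.0.5 build listed above. It is an added example, not part of the Amazon advisory. It assumes no RPM epoch is set, uses sort -V as an approximation of RPM version ordering, and the function names and sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Build listed in this advisory for ruby3.2, ruby3.2-libs and ruby3.2-default-gems.
FIXED_BUILD="3.2.2-180.amzn2023.0.5"

# build_is_fixed VERSION-RELEASE -> exit 0 if the build sorts at or above FIXED_BUILD.
# sort -V approximates RPM ordering (assumption: no epoch, plain numeric fields).
build_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_BUILD" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_BUILD" ]
}

# stale_packages: reads "NAME VERSION-RELEASE" lines on stdin and prints the name
# of each package older than the fixed build. Only the packages whose version
# tracks the interpreter build are checked; the bundled rubygem-* subpackages
# carry their own version numbers and cannot be compared to FIXED_BUILD.
stale_packages() {
    while read -r name build; do
        case "$name" in
            ruby3.2|ruby3.2-libs|ruby3.2-default-gems) ;;
            *) continue ;;
        esac
        build_is_fixed "$build" || printf '%s\n' "$name"
    done
}

# Constructed sample inventory (not real host output).
SAMPLE='ruby3.2 3.2.2-180.amzn2023.0.5
ruby3.2-libs 3.2.2-179.amzn2023.0.4
ruby3.2-default-gems 3.2.3-1.amzn2023.0.1
ruby3.2-rubygem-json 2.6.3-179.amzn2023.0.4
openssl 3.0.8-1.amzn2023.0.2'

# Prints: ruby3.2-libs
printf '%s\n' "$SAMPLE" | stale_packages
```

On a real host, replace the sample with the output of rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'ruby3.2*'; any name printed is still on a build older than the one this advisory ships.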