Amazon Linux 2023 Security Advisory: ALAS2023-2026-1806
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
Severity:
Important
Issue Overview:
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4. (CVE-2026-42246)
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. (CVE-2026-42258)
Affected Packages:
ruby4.0
Issue Correction:
Run dnf update ruby4.0 --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1806 --releasever 2023.12.20260608 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
ruby4.0-bundled-gems-debuginfo-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-debuginfo-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-psych-debuginfo-5.3.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-io-console-0.8.2-32.amzn2023.0.2.aarch64
ruby4.0-libs-debuginfo-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-io-console-debuginfo-0.8.2-32.amzn2023.0.2.aarch64
ruby4.0-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-rbs-debuginfo-3.10.0-32.amzn2023.0.2.aarch64
ruby4.0-devel-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-debugsource-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-bundled-gems-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-rbs-3.10.0-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-json-2.18.0-32.amzn2023.0.2.aarch64
ruby4.0-libs-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-json-debuginfo-2.18.0-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-racc-1.8.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-psych-5.3.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-bigdecimal-debuginfo-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-bigdecimal-4.0.1-32.amzn2023.0.2.aarch64
ruby4.0-rubygem-racc-debuginfo-1.8.1-32.amzn2023.0.2.aarch64
noarch:
ruby4.0-rubygem-rexml-3.4.4-32.amzn2023.0.2.noarch
ruby4.0-rubygem-rss-0.3.2-32.amzn2023.0.2.noarch
ruby4.0-rubygem-test-unit-3.7.5-32.amzn2023.0.2.noarch
ruby4.0-rubygems-4.0.3-32.amzn2023.0.2.noarch
ruby4.0-rubygem-bundler-4.0.3-32.amzn2023.0.2.noarch
ruby4.0-rubygems-devel-4.0.3-32.amzn2023.0.2.noarch
ruby4.0-rubygem-irb-1.16.0-32.amzn2023.0.2.noarch
ruby4.0-rubygem-typeprof-0.31.1-32.amzn2023.0.2.noarch
ruby4.0-rubygem-rdoc-7.0.3-32.amzn2023.0.2.noarch
ruby4.0-default-gems-4.0.1-32.amzn2023.0.2.noarch
ruby4.0-rubygem-rake-13.3.1-32.amzn2023.0.2.noarch
ruby4.0-rubygem-minitest-6.0.0-32.amzn2023.0.2.noarch
ruby4.0-rubygem-power_assert-3.0.1-32.amzn2023.0.2.noarch
ruby4.0-doc-4.0.1-32.amzn2023.0.2.noarch
src:
ruby4.0-4.0.1-32.amzn2023.0.2.src
x86_64:
ruby4.0-rubygem-psych-debuginfo-5.3.1-32.amzn2023.0.2.x86_64
ruby4.0-libs-debuginfo-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-devel-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-json-debuginfo-2.18.0-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-rbs-debuginfo-3.10.0-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-bigdecimal-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-bundled-gems-debuginfo-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-io-console-debuginfo-0.8.2-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-io-console-0.8.2-32.amzn2023.0.2.x86_64
ruby4.0-debugsource-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-racc-debuginfo-1.8.1-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-json-2.18.0-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-racc-1.8.1-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-rbs-3.10.0-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-bigdecimal-debuginfo-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-rubygem-psych-5.3.1-32.amzn2023.0.2.x86_64
ruby4.0-debuginfo-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-libs-4.0.1-32.amzn2023.0.2.x86_64
ruby4.0-bundled-gems-4.0.1-32.amzn2023.0.2.x86_64