Early Access — Mondoo Vulnerability Intelligence is currently in preview.

RHSA-2025:23062 | Mondoo Vulnerability Intelligence

RHSA-2025:23062

MEDIUM6.5

Red Hat Security Advisory: ruby:3.3 security update

Published Jan 3, 2026

Modified 1 weeks ago

Fix available

Affected Packages

Red Hat:enterprise_linux:8::appstreamruby

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-bundled-gems

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-bundled-gems-debuginfo

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-debuginfo

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-debugsource

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-default-gems

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-devel

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-doc

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-libs

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamruby-libs-debuginfo

Fixed in:

0:3.3.10-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-abrt

Fixed in:

0:0.4.0-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-abrt-doc

Fixed in:

0:0.4.0-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-bigdecimal

Fixed in:

0:3.1.5-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-bigdecimal-debuginfo

Fixed in:

0:3.1.5-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-bundler

Fixed in:

0:2.5.22-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-io-console

Fixed in:

0:0.7.1-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-io-console-debuginfo

Fixed in:

0:0.7.1-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-irb

Fixed in:

0:1.13.1-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-json

Fixed in:

0:2.7.2-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-json-debuginfo

Fixed in:

0:2.7.2-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-minitest

Fixed in:

0:5.20.0-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-mysql2

Fixed in:

0:0.5.5-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-mysql2-debuginfo

Fixed in:

0:0.5.5-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-mysql2-debugsource

Fixed in:

0:0.5.5-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-mysql2-doc

Fixed in:

0:0.5.5-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-pg

Fixed in:

0:1.5.4-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-pg-debuginfo

Fixed in:

0:1.5.4-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-pg-debugsource

Fixed in:

0:1.5.4-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-pg-doc

Fixed in:

0:1.5.4-1.module+el8.10.0+21226+b78a28c4

Red Hat:enterprise_linux:8::appstreamrubygem-power_assert

Fixed in:

0:2.0.3-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-psych

Fixed in:

0:5.1.2-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-psych-debuginfo

Fixed in:

0:5.1.2-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-racc

Fixed in:

0:1.7.3-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-racc-debuginfo

Fixed in:

0:1.7.3-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-rake

Fixed in:

0:13.1.0-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-rbs

Fixed in:

0:3.4.0-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-rbs-debuginfo

Fixed in:

0:3.4.0-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-rdoc

Fixed in:

0:6.6.3.1-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-rexml

Fixed in:

0:3.4.4-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-rss

Fixed in:

0:0.3.1-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-test-unit

Fixed in:

0:3.6.1-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygem-typeprof

Fixed in:

0:0.21.9-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygems

Fixed in:

0:3.5.22-5.module+el8.10.0+23696+c42b0f57

Red Hat:enterprise_linux:8::appstreamrubygems-devel

Fixed in:

0:3.5.22-5.module+el8.10.0+23696+c42b0f57

References

ADVISORYhttps://access.redhat.com/errata/RHSA-2025:23062 REPORThttps://access.redhat.com/security/cve/CVE-2025-24294 REPORThttps://access.redhat.com/security/cve/CVE-2025-58767 REPORThttps://access.redhat.com/security/cve/CVE-2025-61594 ARTICLEhttps://access.redhat.com/security/updates/classification/#moderate REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2379684 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2396186 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2426336 ARTICLEhttps://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23 ARTICLEhttps://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5 ARTICLEhttps://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902 ARTICLEhttps://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c ARTICLEhttps://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a ARTICLEhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml ARTICLEhttps://issues.redhat.com/browse/RHEL-106820 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-24294 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-58767 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-61594 ADVISORYhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23062.json ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-24294 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-58767 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-61594 ARTICLEhttps://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/ARTICLEhttps://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Upstream

CVE-2025-24294 CVE-2025-58767 CVE-2025-61594

Ecosystems

Red Hat enterprise_linux 8 appstream

Timeline

PublishedJan 3, 2026

ModifiedJan 3, 2026