Security update for ruby2.5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0736-1 Final 1 1 2025-02-26T18:38:15Z current 2025-02-26T18:38:15Z 2025-02-26T18:38:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ruby2.5 This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440) Other fixes: - [ruby/uri] Fix quadratic backtracking on invalid relative URI - [ruby/time] Make RFC2822 regexp linear - [ruby/time] Fix quadratic backtracking on invalid time - merge some parts of CGI 0.1.1 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/ruby:latest-2025-736,Container suse/rmt-server:latest-2025-736,Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2025-736,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2025-736,Image SLES15-SP5-Azure-3P-2025-736,Image SLES15-SP5-SAP-Azure-3P-2025-736,SUSE-2025-736,SUSE-SLE-Module-Basesystem-15-SP6-2025-736,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-736,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-736,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-736,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-736,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-736,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-736,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-736,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-736,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-736,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-736,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-736,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-736,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-736,SUSE-Storage-7.1-2025-736,openSUSE-SLE-15.6-2025-736 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250736-1/ Link for SUSE-SU-2025:0736-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020450.html E-Mail link for SUSE-SU-2025:0736-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230930 SUSE Bug 1230930 https://bugzilla.suse.com/1232440 SUSE Bug 1232440 https://www.suse.com/security/cve/CVE-2024-47220/ SUSE CVE CVE-2024-47220 page https://www.suse.com/security/cve/CVE-2024-49761/ SUSE CVE CVE-2024-49761 page Container bci/ruby:latest Container suse/rmt-server:latest Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP5-Azure-3P Image SLES15-SP5-SAP-Azure-3P SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.6 libruby2_5-2_5-2.5.9-150000.4.36.1 ruby2.5-2.5.9-150000.4.36.1 ruby2.5-devel-2.5.9-150000.4.36.1 ruby2.5-stdlib-2.5.9-150000.4.36.1 ruby2.5-devel-extra-2.5.9-150000.4.36.1 ruby2.5-doc-2.5.9-150000.4.36.1 ruby2.5-doc-ri-2.5.9-150000.4.36.1 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of Container bci/ruby:latest ruby2.5-2.5.9-150000.4.36.1 as a component of Container bci/ruby:latest ruby2.5-devel-2.5.9-150000.4.36.1 as a component of Container bci/ruby:latest ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of Container bci/ruby:latest libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of Container suse/rmt-server:latest ruby2.5-2.5.9-150000.4.36.1 as a component of Container suse/rmt-server:latest ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of Container suse/rmt-server:latest libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production ruby2.5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production ruby2.5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP5-Azure-3P ruby2.5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP5-Azure-3P ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of Image SLES15-SP5-Azure-3P libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP5-SAP-Azure-3P ruby2.5-2.5.9-150000.4.36.1 as a component of Image SLES15-SP5-SAP-Azure-3P ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of Image SLES15-SP5-SAP-Azure-3P libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Enterprise Storage 7.1 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Enterprise Storage 7.1 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Enterprise Storage 7.1 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Enterprise Storage 7.1 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Enterprise Storage 7.1 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Manager Proxy 4.3 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Manager Proxy 4.3 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Manager Proxy 4.3 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Manager Proxy 4.3 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Manager Proxy 4.3 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of SUSE Manager Server 4.3 ruby2.5-2.5.9-150000.4.36.1 as a component of SUSE Manager Server 4.3 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of SUSE Manager Server 4.3 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of SUSE Manager Server 4.3 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of SUSE Manager Server 4.3 libruby2_5-2_5-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ruby2.5-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ruby2.5-devel-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ruby2.5-devel-extra-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ruby2.5-doc-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ruby2.5-doc-ri-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ruby2.5-stdlib-2.5.9-150000.4.36.1 as a component of openSUSE Leap 15.6 ** DISPUTED ** An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production." CVE-2024-47220 Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.36.1 Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.36.1 Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.36.1 Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.36.1 Container suse/rmt-server:latest:libruby2_5-2_5-2.5.9-150000.4.36.1 Container suse/rmt-server:latest:ruby2.5-2.5.9-150000.4.36.1 Container suse/rmt-server:latest:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP5-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP5-Azure-3P:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP5-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP5-SAP-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP5-SAP-Azure-3P:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP5-SAP-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-stdlib-2.5.9-150000.4.36.1 openSUSE Leap 15.6:libruby2_5-2_5-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-devel-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-devel-extra-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-doc-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-doc-ri-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-stdlib-2.5.9-150000.4.36.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250736-1/ https://www.suse.com/security/cve/CVE-2024-47220.html CVE-2024-47220 https://bugzilla.suse.com/1230930 SUSE Bug 1230930 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability. CVE-2024-49761 Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.36.1 Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.36.1 Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.36.1 Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.36.1 Container suse/rmt-server:latest:libruby2_5-2_5-2.5.9-150000.4.36.1 Container suse/rmt-server:latest:ruby2.5-2.5.9-150000.4.36.1 Container suse/rmt-server:latest:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP5-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP5-Azure-3P:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP5-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.36.1 Image SLES15-SP5-SAP-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.36.1 Image SLES15-SP5-SAP-Azure-3P:ruby2.5-2.5.9-150000.4.36.1 Image SLES15-SP5-SAP-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Enterprise Storage 7.1:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP3-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP4-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server 15 SP5-LTSS:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Manager Proxy 4.3:ruby2.5-stdlib-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:libruby2_5-2_5-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-devel-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-devel-extra-2.5.9-150000.4.36.1 SUSE Manager Server 4.3:ruby2.5-stdlib-2.5.9-150000.4.36.1 openSUSE Leap 15.6:libruby2_5-2_5-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-devel-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-devel-extra-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-doc-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-doc-ri-2.5.9-150000.4.36.1 openSUSE Leap 15.6:ruby2.5-stdlib-2.5.9-150000.4.36.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250736-1/ https://www.suse.com/security/cve/CVE-2024-49761.html CVE-2024-49761 https://bugzilla.suse.com/1232440 SUSE Bug 1232440