ELSA-2026-33540

ELSA-2026-33540 - ruby4.0 security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-16

Description


[4.0.3-35]
- Fix Net::IMAP ResponseReader quadratic complexity vulnerability (CVE-2026-42245)
Includes core fix plus additional performance optimizations
Resolves: RHEL-181675
- Fix Net::IMAP STARTTLS stripping vulnerability (CVE-2026-42246)
Resolves: RHEL-181767
- Fix Net::IMAP command injection vulnerability via unvalidated Symbol arguments (CVE-2026-42258)
Resolves: RHEL-181793

[4.0.3-34]
- Upgrade to Ruby 4.0.3.
Resolves: RHEL-171239
- Fix ERB: Arbitrary code execution via bypass
(CVE-2026-41316)
Resolves: RHEL-170910
- Fix JSON: Denial of Service or Information Disclosure via format string injection
(CVE-2026-33210)
Resolves: RHEL-173457


Related CVEs


CVE-2026-42245
CVE-2026-42246
CVE-2026-42258

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) ruby4.0-4.0.3-35.el10_2.src.rpm9191860d3973528b8b3106c6372739209e50e92b80fb5d1aaf25977c7d619219-ol10_aarch64_appstream
ruby4.0-4.0.3-35.el10_2.src.rpm9191860d3973528b8b3106c6372739209e50e92b80fb5d1aaf25977c7d619219-ol10_aarch64_codeready_builder
ruby4.0-4.0.3-35.el10_2.aarch64.rpm647abfa22ed9f84ac563d5b3d83bfb44f3a014f4f0b6f0abf8e6b92f1a4739b6-ol10_aarch64_appstream
ruby4.0-devel-4.0.3-35.el10_2.aarch64.rpm672a17e7e8daff5235b8da160e59e9e029518f4f5a68b103ef0aa5f3fff118ca-ol10_aarch64_appstream
ruby4.0-doc-4.0.3-35.el10_2.noarch.rpm7270253bc64a2f0d264e542596b57ce36f78746e731929e0d0580672ff865fea-ol10_aarch64_codeready_builder
ruby4.0-rubygem-mysql2-0.5.7-35.el10_2.aarch64.rpma9b8616c46de71fd2cb99dc8720d1040cb802c04b32e183d1c9ccc0eceb770ae-ol10_aarch64_appstream
ruby4.0-rubygem-pg-1.6.3-35.el10_2.aarch64.rpmcad45d77501fd61d6cf10184c18bc44165fe28797a89ad77753a70ac8babc840-ol10_aarch64_appstream
Oracle Linux 10 (x86_64) ruby4.0-4.0.3-35.el10_2.src.rpm9191860d3973528b8b3106c6372739209e50e92b80fb5d1aaf25977c7d619219-ol10_x86_64_appstream
ruby4.0-4.0.3-35.el10_2.src.rpm9191860d3973528b8b3106c6372739209e50e92b80fb5d1aaf25977c7d619219-ol10_x86_64_codeready_builder
ruby4.0-4.0.3-35.el10_2.x86_64.rpm6631d1894d0f069d641ea9c090609036b5ca8ccb2424eba30839cd805c86a696-ol10_x86_64_appstream
ruby4.0-devel-4.0.3-35.el10_2.x86_64.rpma8035fc903df18da2de478a4755a35bf95a079ba7b96b5f6dbd25117c207df35-ol10_x86_64_appstream
ruby4.0-doc-4.0.3-35.el10_2.noarch.rpm7270253bc64a2f0d264e542596b57ce36f78746e731929e0d0580672ff865fea-ol10_x86_64_codeready_builder
ruby4.0-rubygem-mysql2-0.5.7-35.el10_2.x86_64.rpm470bb0b7a85f618563dcdf9eae9f9fc92eb1f41de7f052d6ad13e23f50965900-ol10_x86_64_appstream
ruby4.0-rubygem-pg-1.6.3-35.el10_2.x86_64.rpm8f89f717c93127c01153ea25b458077d4218c60ec477a978abc3a8cc81662049-ol10_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete