- Vulnerability/
- USN-7256-1
USN-7256-1: Ruby vulnerabilities
First published: Thu Feb 06 2025(Updated: )
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libruby2.7 | <2.7.0-5ubuntu1.16 | 2.7.0-5ubuntu1.16 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/ruby2.7 | <2.7.0-5ubuntu1.16 | 2.7.0-5ubuntu1.16 |
| Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-7256-1?
The severity of USN-7256-1 is categorized as a denial of service vulnerability.
How do I fix USN-7256-1?
To fix USN-7256-1, update to the latest version of Ruby provided in the Ubuntu package manager.
Which versions of Ruby are affected by USN-7256-1?
Ruby versions up to and including 2.7.0-5ubuntu1.16 on Ubuntu 20.04 are affected by USN-7256-1.
What type of attack is associated with USN-7256-1?
USN-7256-1 is associated with XML document parsing issues that can lead to a denial of service.
Is USN-7256-1 specific to a certain operating system?
Yes, USN-7256-1 specifically affects the Ruby package on Ubuntu 20.04.
- agent/references
- agent/last-modified-date
- agent/title
- agent/source
- agent/softwarecombine
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/20.04