- Vulnerability/
- USN-7256-2
USN-7256-2: Ruby regression
First published: Thu Feb 13 2025(Updated: )
USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libruby2.7 | <2.7.0-5ubuntu1.17 | 2.7.0-5ubuntu1.17 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/ruby2.7 | <2.7.0-5ubuntu1.17 | 2.7.0-5ubuntu1.17 |
| Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-7256-2?
USN-7256-2 addresses a vulnerability in Ruby that had previously introduced a minor regression in handling XML parsing.
How do I fix USN-7256-2?
To fix USN-7256-2, you should update the Ruby package to version 2.7.0-5ubuntu1.17 on Ubuntu 20.04.
What vulnerabilities were fixed in USN-7256-2?
USN-7256-2 fixes a regression related to XML parsing vulnerabilities introduced in the earlier USN-7256-1.
Is USN-7256-2 applicable to all Ubuntu users?
USN-7256-2 specifically affects users running Ubuntu 20.04 with the affected Ruby packages.
What happens if I ignore USN-7256-2?
Ignoring USN-7256-2 may leave your system vulnerable to XML parsing issues that could lead to unexpected behavior.
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/title
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/20.04