[CLSA-2026:1781715375] Fix CVE(s): CVE-2025-61594
Type:
security
Severity:
Important
Release date:
2026-06-17 16:56:31 UTC
Description:
* SECURITY UPDATE: credential leak in bundled uri when combining URIs - debian/patches/CVE-2025-61594.patch: clear stale userinfo when setting authority components and replace authority atomically on merge in the bundled uri 0.12.4 (lib/uri/generic.rb), so combining URIs with + / merge no longer re-attaches the base URI's password; backport of upstream uri 0.12.5 (commit d3116ca). Bypass of the CVE-2025-27221 fix. - CVE-2025-61594
CVEs fixed:
Updated packages:
  • alt-ruby31_3.1.7-11_amd64.deb
    sha:d9107ffa47a3d40e40e95de7857b5dd512d7c68a
  • alt-ruby31-bundled-gems_3.1.7-11_amd64.deb
    sha:34ec9fdc00328f4bb9f5cf7b51be9e067577ebf8
  • alt-ruby31-default-gems_3.1.7-11_amd64.deb
    sha:d1b1b641ff08031a86792d02f9264fe658666c49
  • alt-ruby31-devel_3.1.7-11_amd64.deb
    sha:97443ae0e70a5f38357c668111eed9b30f3f3fb4
  • alt-ruby31-doc_3.1.7-11_amd64.deb
    sha:4c94ba3c54d733ee15a065088666b266691822f7
  • alt-ruby31-libs_3.1.7-11_amd64.deb
    sha:95b4adeb620fa99c87ae1c4ad1f39b400950623f
  • alt-ruby31-rubygem-bigdecimal_3.1.1-11_amd64.deb
    sha:fd1b0ca665c73ae5143734f7db9f0e33f47dc726
  • alt-ruby31-rubygem-bundler_2.3.27-11_amd64.deb
    sha:ca4e346b83169e508f7c5057f063b49a73b4b5fe
  • alt-ruby31-rubygem-io-console_0.5.11-11_amd64.deb
    sha:0f70767a27675c6947a29e93f49ac72ab86ce22e
  • alt-ruby31-rubygem-irb_1.4.1-11_amd64.deb
    sha:fa1c0dce401a28bd526fb27b7c9e056f93d35922
  • alt-ruby31-rubygem-json_2.6.1-11_amd64.deb
    sha:f6463b5bf6ae0da20e965c9da7514a4e66f7a5c5
  • alt-ruby31-rubygem-minitest_5.15.0-11_amd64.deb
    sha:05bb9f84e8834d0b1638dc3046e2a92af013f00a
  • alt-ruby31-rubygem-power-assert_2.0.1-11_amd64.deb
    sha:29b58498595c572f115aa131df1a00aee0241f5c
  • alt-ruby31-rubygem-psych_4.0.4-11_amd64.deb
    sha:2a5aff53fc570e5a168f935174140a153dc8b1b0
  • alt-ruby31-rubygem-rake_13.0.6-11_amd64.deb
    sha:fd86a1813ff13d5d3ed14defc8ebd77457a1fa12
  • alt-ruby31-rubygem-rbs_2.7.0-11_amd64.deb
    sha:0f4dc752f313174c23540a8a30450848cbf90a58
  • alt-ruby31-rubygem-rdoc_6.4.1.1-11_amd64.deb
    sha:25eafe1adcf4a17c850eef72034063be80410ef8
  • alt-ruby31-rubygem-rexml_3.3.9-11_amd64.deb
    sha:39e414489eecb43effcbb4757a6f58ed937a1e54
  • alt-ruby31-rubygem-rss_0.3.1-11_amd64.deb
    sha:dcbd40a389fc8f637f5d9acc697f97afc3fb9f27
  • alt-ruby31-rubygem-test-unit_3.5.3-11_amd64.deb
    sha:fa3ff559db3452248c6c79dc42993ae70adbe5de
  • alt-ruby31-rubygem-typeprof_0.21.3-11_amd64.deb
    sha:936e29178a13aabdadf26806f271d61a732ff2ee
  • alt-ruby31-rubygems_3.3.27-11_amd64.deb
    sha:bc484e173eb9a675e39884fb5a432a50438b40f5
  • alt-ruby31-rubygems-devel_3.3.27-11_amd64.deb
    sha:2fd45f5fb47379915b41cec7cc2354c8f7d1ca1d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.