[CLSA-2026:1781714940] Fix CVE(s): CVE-2025-61594
Type:
security
Severity:
Important
Release date:
2026-06-17 16:49:16 UTC
Description:
* SECURITY UPDATE: credential leak in bundled uri when combining URIs - debian/patches/CVE-2025-61594.patch: clear stale userinfo when setting authority components and replace authority atomically on merge in the bundled uri 0.12.4 (lib/uri/generic.rb), so combining URIs with + / merge no longer re-attaches the base URI's password; backport of upstream uri 0.12.5 (commit d3116ca). Bypass of the CVE-2025-27221 fix. - CVE-2025-61594
CVEs fixed:
Updated packages:
  • alt-ruby31_3.1.7-11_amd64.deb
    sha:a674d449cb477588e2be4ba0c78da6a93b400fc0
  • alt-ruby31-bundled-gems_3.1.7-11_amd64.deb
    sha:05da085126a1a3da884ccd695aa79bc57a76dd3d
  • alt-ruby31-default-gems_3.1.7-11_amd64.deb
    sha:d1b1b641ff08031a86792d02f9264fe658666c49
  • alt-ruby31-devel_3.1.7-11_amd64.deb
    sha:0e281e2b21d7cbeb5405ed8fcfe93e93da83e20f
  • alt-ruby31-doc_3.1.7-11_amd64.deb
    sha:4c94ba3c54d733ee15a065088666b266691822f7
  • alt-ruby31-libs_3.1.7-11_amd64.deb
    sha:d85340d3e90503a31b9083f72c0c3ba29aba6d46
  • alt-ruby31-rubygem-bigdecimal_3.1.1-11_amd64.deb
    sha:0c14d86024ef72f6848e2f22d77fc314304b3ab6
  • alt-ruby31-rubygem-bundler_2.3.27-11_amd64.deb
    sha:ca4e346b83169e508f7c5057f063b49a73b4b5fe
  • alt-ruby31-rubygem-io-console_0.5.11-11_amd64.deb
    sha:ea3710b9fba0592d3d9e5155389686dd9adc48f5
  • alt-ruby31-rubygem-irb_1.4.1-11_amd64.deb
    sha:fa1c0dce401a28bd526fb27b7c9e056f93d35922
  • alt-ruby31-rubygem-json_2.6.1-11_amd64.deb
    sha:7402c3ffbe77b4934529fc9cdc016852b052ea04
  • alt-ruby31-rubygem-minitest_5.15.0-11_amd64.deb
    sha:05bb9f84e8834d0b1638dc3046e2a92af013f00a
  • alt-ruby31-rubygem-power-assert_2.0.1-11_amd64.deb
    sha:29b58498595c572f115aa131df1a00aee0241f5c
  • alt-ruby31-rubygem-psych_4.0.4-11_amd64.deb
    sha:1c7d2acdcddd185e311d6eeee2c273ad88fc4fe0
  • alt-ruby31-rubygem-rake_13.0.6-11_amd64.deb
    sha:fd86a1813ff13d5d3ed14defc8ebd77457a1fa12
  • alt-ruby31-rubygem-rbs_2.7.0-11_amd64.deb
    sha:83ef9632e1fb63a1593f389f3e103cb7d815f380
  • alt-ruby31-rubygem-rdoc_6.4.1.1-11_amd64.deb
    sha:25eafe1adcf4a17c850eef72034063be80410ef8
  • alt-ruby31-rubygem-rexml_3.3.9-11_amd64.deb
    sha:39e414489eecb43effcbb4757a6f58ed937a1e54
  • alt-ruby31-rubygem-rss_0.3.1-11_amd64.deb
    sha:dcbd40a389fc8f637f5d9acc697f97afc3fb9f27
  • alt-ruby31-rubygem-test-unit_3.5.3-11_amd64.deb
    sha:fa3ff559db3452248c6c79dc42993ae70adbe5de
  • alt-ruby31-rubygem-typeprof_0.21.3-11_amd64.deb
    sha:936e29178a13aabdadf26806f271d61a732ff2ee
  • alt-ruby31-rubygems_3.3.27-11_amd64.deb
    sha:bc484e173eb9a675e39884fb5a432a50438b40f5
  • alt-ruby31-rubygems-devel_3.3.27-11_amd64.deb
    sha:2fd45f5fb47379915b41cec7cc2354c8f7d1ca1d
  • alt-ruby31_3.1.7-11_arm64.deb
    sha:332755cca662c593fc1d4ac89f49cd405c0dc340
  • alt-ruby31-bundled-gems_3.1.7-11_arm64.deb
    sha:38a776cd10562bac540943ec60cae7fb550c1a8a
  • alt-ruby31-default-gems_3.1.7-11_arm64.deb
    sha:2f5b7cd8b8e917386b6fdabc3b96e56cb534fd41
  • alt-ruby31-devel_3.1.7-11_arm64.deb
    sha:4c0729cb3cd508f952e6c0119980f06ce633bb40
  • alt-ruby31-doc_3.1.7-11_arm64.deb
    sha:b938b9c1626c143d86fc4d4e9dab777007c9ba92
  • alt-ruby31-libs_3.1.7-11_arm64.deb
    sha:918184e0d1adc7553e35d8cb4a19d0d56d50c621
  • alt-ruby31-rubygem-bigdecimal_3.1.1-11_arm64.deb
    sha:2ff2b98bcab77e32eff5012ec70b4f260117edfa
  • alt-ruby31-rubygem-bundler_2.3.27-11_arm64.deb
    sha:132bf4c199680204c5f0ca1337f3933210be1312
  • alt-ruby31-rubygem-io-console_0.5.11-11_arm64.deb
    sha:4422df96a16bc92103a1753e146b5838c45ead40
  • alt-ruby31-rubygem-irb_1.4.1-11_arm64.deb
    sha:f3ddfa5c51bafa7268d942e217b9c0056c24221e
  • alt-ruby31-rubygem-json_2.6.1-11_arm64.deb
    sha:099d53d23f5ade373106278ce89999dd03329ffb
  • alt-ruby31-rubygem-minitest_5.15.0-11_arm64.deb
    sha:8acd4b10dfb8a5baa89ead3f47fc7316078a1fe2
  • alt-ruby31-rubygem-power-assert_2.0.1-11_arm64.deb
    sha:9ac03dd7c9174319025f8317a7edd3c0f33c5c34
  • alt-ruby31-rubygem-psych_4.0.4-11_arm64.deb
    sha:18f784ea27139adacfa5fce9e9bf336f8ec51b85
  • alt-ruby31-rubygem-rake_13.0.6-11_arm64.deb
    sha:deb71cc0c635ef615c6ce3aadedd5b730f0c919c
  • alt-ruby31-rubygem-rbs_2.7.0-11_arm64.deb
    sha:41f894b65d1c8ec38c778d30c571b7edbbaa705a
  • alt-ruby31-rubygem-rdoc_6.4.1.1-11_arm64.deb
    sha:4c5ca9b8f30a87df6e406f024d817ff85ae1e9e8
  • alt-ruby31-rubygem-rexml_3.3.9-11_arm64.deb
    sha:06c330a659f2ab684352a7efd4d24c1c4d1fb7fe
  • alt-ruby31-rubygem-rss_0.3.1-11_arm64.deb
    sha:2fabafc2ea3669daeba848f98213cfc2eb112170
  • alt-ruby31-rubygem-test-unit_3.5.3-11_arm64.deb
    sha:175448190fa5c8c6f4f93babf17b5984a0532379
  • alt-ruby31-rubygem-typeprof_0.21.3-11_arm64.deb
    sha:9cae926eccec1e97f329941f7d909db01f947aad
  • alt-ruby31-rubygems_3.3.27-11_arm64.deb
    sha:d2dde00f1b06a2df3aef81958fda67860bb01100
  • alt-ruby31-rubygems-devel_3.3.27-11_arm64.deb
    sha:3dc4629d81d57340cb5ce8bde434ebbfad192580
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.