[CLSA-2026:1781714730] Fix CVE(s): CVE-2025-61594
Type:
security
Severity:
Important
Release date:
2026-06-17 16:45:46 UTC
Description:
* SECURITY UPDATE: credential leak in bundled uri when combining URIs - debian/patches/CVE-2025-61594.patch: clear stale userinfo when setting authority components and replace authority atomically on merge in the bundled uri 0.12.4 (lib/uri/generic.rb), so combining URIs with + / merge no longer re-attaches the base URI's password; backport of upstream uri 0.12.5 (commit d3116ca). Bypass of the CVE-2025-27221 fix. - CVE-2025-61594
CVEs fixed:
Updated packages:
  • alt-ruby31_3.1.7-11_amd64.deb
    sha:3ad46672b7f2e78632af9f4cb3e94d622436dbc8
  • alt-ruby31-bundled-gems_3.1.7-11_amd64.deb
    sha:62dcb6918decc550ad92254be37bca1e1686274a
  • alt-ruby31-default-gems_3.1.7-11_amd64.deb
    sha:bfb0c533bc1bf7673ef14092ae646c64e6d401b6
  • alt-ruby31-devel_3.1.7-11_amd64.deb
    sha:dcec3d32bc0a2ebcfa7e28c972bb62ea52824753
  • alt-ruby31-doc_3.1.7-11_amd64.deb
    sha:1cfef32bfc9063a808fcd402e3cb45e9aa0ac6d6
  • alt-ruby31-libs_3.1.7-11_amd64.deb
    sha:e27bd85838639efa50bb6cf9ba02f8288b2406bd
  • alt-ruby31-rubygem-bigdecimal_3.1.1-11_amd64.deb
    sha:c03707ca4179446a1d728fccedaf66e77d44e1b8
  • alt-ruby31-rubygem-bundler_2.3.27-11_amd64.deb
    sha:18d089e3b697204e16ca1125c3576422b16132f4
  • alt-ruby31-rubygem-io-console_0.5.11-11_amd64.deb
    sha:4af559952261f3b1399bf29c00fa2dce9e9e3260
  • alt-ruby31-rubygem-irb_1.4.1-11_amd64.deb
    sha:bbdf6ae8874d4b5ba60e9c092230d1c1b1980a81
  • alt-ruby31-rubygem-json_2.6.1-11_amd64.deb
    sha:ac2ea2dd63a8f64ac6aeaeac572fc2ff64200d0a
  • alt-ruby31-rubygem-minitest_5.15.0-11_amd64.deb
    sha:096f7f63fece1d1ca52589181e85bbf437ce5585
  • alt-ruby31-rubygem-power-assert_2.0.1-11_amd64.deb
    sha:d38cd650029a0b0e963b7026d00d03008cbb842d
  • alt-ruby31-rubygem-psych_4.0.4-11_amd64.deb
    sha:7857b9ac682210735a6cde32c83b42af0431ed45
  • alt-ruby31-rubygem-rake_13.0.6-11_amd64.deb
    sha:b3f31cd96d2d5360be3ca5604ca7ac7aebe4d9ef
  • alt-ruby31-rubygem-rbs_2.7.0-11_amd64.deb
    sha:8a66f9d0349e894aac3861a6f0e0190d782211d3
  • alt-ruby31-rubygem-rdoc_6.4.1.1-11_amd64.deb
    sha:44298f4e4d7b94ed99b97d58dc0d639b6d324ed1
  • alt-ruby31-rubygem-rexml_3.3.9-11_amd64.deb
    sha:41a47ca8c91e75e23311ea7b3336ac29414fb4e2
  • alt-ruby31-rubygem-rss_0.3.1-11_amd64.deb
    sha:db673904f99ec23cd419aaba006fb6e9dbb37da5
  • alt-ruby31-rubygem-test-unit_3.5.3-11_amd64.deb
    sha:bb0faed38e80024bedb06d186549cd84f2556ad8
  • alt-ruby31-rubygem-typeprof_0.21.3-11_amd64.deb
    sha:f022fece2e2ec0dfebe748f9728b95d6ace8552e
  • alt-ruby31-rubygems_3.3.27-11_amd64.deb
    sha:854cf3976a85dfbb7cd482876b36271dedb72620
  • alt-ruby31-rubygems-devel_3.3.27-11_amd64.deb
    sha:43b3e2086e148246cb02f3051f2f970a661b07e4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.