[CLSA-2026:1781714463] Fix CVE(s): CVE-2025-61594
Type:
security
Severity:
Important
Release date:
2026-06-17 16:41:19 UTC
Description:
* SECURITY UPDATE: credential leak in bundled uri when combining URIs - debian/patches/CVE-2025-61594.patch: clear stale userinfo when setting authority components and replace authority atomically on merge in the bundled uri 0.12.4 (lib/uri/generic.rb), so combining URIs with + / merge no longer re-attaches the base URI's password; backport of upstream uri 0.12.5 (commit d3116ca). Bypass of the CVE-2025-27221 fix. - CVE-2025-61594
CVEs fixed:
Updated packages:
  • alt-ruby31_3.1.7-11_amd64.deb
    sha:ee974a7d7b0de16861d823a066c3bedc5f5d8299
  • alt-ruby31-bundled-gems_3.1.7-11_amd64.deb
    sha:ff11aa6807e47d6791db1fb4fe165a9268345059
  • alt-ruby31-default-gems_3.1.7-11_amd64.deb
    sha:26ca895295b1075f2addbbc7ca138d8f29ffa6e7
  • alt-ruby31-devel_3.1.7-11_amd64.deb
    sha:79b4b7ce5be7719a48928ca618a2d53799646a14
  • alt-ruby31-doc_3.1.7-11_amd64.deb
    sha:f6a0ec03de0d2979d9be6124379c40291a6b0dbc
  • alt-ruby31-libs_3.1.7-11_amd64.deb
    sha:b91ce47bc60e067273854ff6c2790c39d1ede364
  • alt-ruby31-rubygem-bigdecimal_3.1.1-11_amd64.deb
    sha:de3e5cee940f8e7f995bdee4f576811e33e6f0dc
  • alt-ruby31-rubygem-bundler_2.3.27-11_amd64.deb
    sha:2b8649f51624b62b761e5e3049c9c4ca654abc2e
  • alt-ruby31-rubygem-io-console_0.5.11-11_amd64.deb
    sha:8db39da8f943af1e4552ff1971be4ef3af5b7f02
  • alt-ruby31-rubygem-irb_1.4.1-11_amd64.deb
    sha:1cc4f30a6f8491b371cfbda138609e98b4b461a2
  • alt-ruby31-rubygem-json_2.6.1-11_amd64.deb
    sha:1b6cc95e8ae3483994ce4bd51315ef94ab0e4bf6
  • alt-ruby31-rubygem-minitest_5.15.0-11_amd64.deb
    sha:7073a00e8a7207769b1c8c6362dcb288c5764242
  • alt-ruby31-rubygem-power-assert_2.0.1-11_amd64.deb
    sha:1ce64440eca73aad9562df453db9e0530fcac60e
  • alt-ruby31-rubygem-psych_4.0.4-11_amd64.deb
    sha:ff2207771aa075be3215350e16c6741273120e06
  • alt-ruby31-rubygem-rake_13.0.6-11_amd64.deb
    sha:4ab1281d3f8f852c700b7890eba5ab4d2716d372
  • alt-ruby31-rubygem-rbs_2.7.0-11_amd64.deb
    sha:a11b1c9e494af0fa4deb00bd99f6d5973c2dc152
  • alt-ruby31-rubygem-rdoc_6.4.1.1-11_amd64.deb
    sha:be989fccf9e75a415073fadc8c34a4c19a46a11a
  • alt-ruby31-rubygem-rexml_3.3.9-11_amd64.deb
    sha:58fcf3b54e5f30694f64846cdd3b146771976e6f
  • alt-ruby31-rubygem-rss_0.3.1-11_amd64.deb
    sha:77a7e4046741214032d69d2e5e2f440b36b27cf2
  • alt-ruby31-rubygem-test-unit_3.5.3-11_amd64.deb
    sha:d7b030406a16cf568364eb4911e607da4591c785
  • alt-ruby31-rubygem-typeprof_0.21.3-11_amd64.deb
    sha:f933a9ed16c7a39618839a42224bb21ca7dfc136
  • alt-ruby31-rubygems_3.3.27-11_amd64.deb
    sha:2ceb2283a411c91e110684b3510e1c56edccf822
  • alt-ruby31-rubygems-devel_3.3.27-11_amd64.deb
    sha:7ea45ebd3d0d5be8692fff247e9d5fe9917d5519
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.