An update for ruby is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2578 Final 1.0 1.0 2026-06-05 Initial 2026-06-05 2026-06-05 openEuler SA Tool V1.0 2026-06-05 ruby security update An update for ruby is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl). Security Fix(es): Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42245) Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42246) Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42257) Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.(CVE-2026-42258) An update for ruby is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical ruby https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2578 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42245 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42246 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42257 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42258 https://nvd.nist.gov/vuln/detail/CVE-2026-42245 https://nvd.nist.gov/vuln/detail/CVE-2026-42246 https://nvd.nist.gov/vuln/detail/CVE-2026-42257 https://nvd.nist.gov/vuln/detail/CVE-2026-42258 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 ruby-2.5.8-138.oe2003sp4.src.rpm ruby-3.0.3-146.oe2203sp4.src.rpm ruby-3.2.2-154.oe2403sp1.src.rpm ruby-3.2.2-154.oe2403sp3.src.rpm ruby-2.5.8-138.oe2003sp4.x86_64.rpm ruby-debuginfo-2.5.8-138.oe2003sp4.x86_64.rpm ruby-debugsource-2.5.8-138.oe2003sp4.x86_64.rpm ruby-devel-2.5.8-138.oe2003sp4.x86_64.rpm rubygem-bigdecimal-1.3.4-138.oe2003sp4.x86_64.rpm rubygem-io-console-0.4.6-138.oe2003sp4.x86_64.rpm rubygem-json-2.1.0-138.oe2003sp4.x86_64.rpm rubygem-openssl-2.1.2-138.oe2003sp4.x86_64.rpm rubygem-psych-3.0.2-138.oe2003sp4.x86_64.rpm ruby-3.0.3-146.oe2203sp4.x86_64.rpm ruby-debuginfo-3.0.3-146.oe2203sp4.x86_64.rpm ruby-debugsource-3.0.3-146.oe2203sp4.x86_64.rpm ruby-devel-3.0.3-146.oe2203sp4.x86_64.rpm rubygem-bigdecimal-3.0.0-146.oe2203sp4.x86_64.rpm rubygem-io-console-0.5.7-146.oe2203sp4.x86_64.rpm rubygem-json-2.5.1-146.oe2203sp4.x86_64.rpm rubygem-openssl-2.2.1-146.oe2203sp4.x86_64.rpm rubygem-psych-3.3.2-146.oe2203sp4.x86_64.rpm ruby-3.2.2-154.oe2403sp1.x86_64.rpm ruby-bundled-gems-3.2.2-154.oe2403sp1.x86_64.rpm ruby-debuginfo-3.2.2-154.oe2403sp1.x86_64.rpm ruby-debugsource-3.2.2-154.oe2403sp1.x86_64.rpm ruby-devel-3.2.2-154.oe2403sp1.x86_64.rpm rubygem-bigdecimal-3.1.3-154.oe2403sp1.x86_64.rpm rubygem-io-console-0.6.0-154.oe2403sp1.x86_64.rpm rubygem-json-2.6.3-154.oe2403sp1.x86_64.rpm rubygem-openssl-3.1.0-154.oe2403sp1.x86_64.rpm rubygem-psych-5.0.1-154.oe2403sp1.x86_64.rpm rubygem-rbs-2.8.2-154.oe2403sp1.x86_64.rpm ruby-3.2.2-154.oe2403sp3.x86_64.rpm ruby-bundled-gems-3.2.2-154.oe2403sp3.x86_64.rpm ruby-debuginfo-3.2.2-154.oe2403sp3.x86_64.rpm ruby-debugsource-3.2.2-154.oe2403sp3.x86_64.rpm ruby-devel-3.2.2-154.oe2403sp3.x86_64.rpm rubygem-bigdecimal-3.1.3-154.oe2403sp3.x86_64.rpm rubygem-io-console-0.6.0-154.oe2403sp3.x86_64.rpm rubygem-json-2.6.3-154.oe2403sp3.x86_64.rpm rubygem-openssl-3.1.0-154.oe2403sp3.x86_64.rpm rubygem-psych-5.0.1-154.oe2403sp3.x86_64.rpm rubygem-rbs-2.8.2-154.oe2403sp3.x86_64.rpm ruby-help-2.5.8-138.oe2003sp4.noarch.rpm ruby-irb-2.5.8-138.oe2003sp4.noarch.rpm rubygem-did_you_mean-1.2.0-138.oe2003sp4.noarch.rpm rubygem-minitest-5.10.3-138.oe2003sp4.noarch.rpm rubygem-net-telnet-0.1.1-138.oe2003sp4.noarch.rpm rubygem-power_assert-1.1.1-138.oe2003sp4.noarch.rpm rubygem-rake-12.3.0-138.oe2003sp4.noarch.rpm rubygem-rdoc-6.0.1.1-138.oe2003sp4.noarch.rpm rubygem-test-unit-3.2.7-138.oe2003sp4.noarch.rpm rubygem-xmlrpc-0.3.0-138.oe2003sp4.noarch.rpm rubygems-2.7.6-138.oe2003sp4.noarch.rpm rubygems-devel-2.7.6-138.oe2003sp4.noarch.rpm ruby-help-3.0.3-146.oe2203sp4.noarch.rpm ruby-irb-3.0.3-146.oe2203sp4.noarch.rpm rubygem-bundler-2.2.32-146.oe2203sp4.noarch.rpm rubygem-did_you_mean-1.5.0-146.oe2203sp4.noarch.rpm rubygem-minitest-5.14.2-146.oe2203sp4.noarch.rpm rubygem-rake-13.0.3-146.oe2203sp4.noarch.rpm rubygem-rbs-1.4.0-146.oe2203sp4.noarch.rpm rubygem-rdoc-6.3.3-146.oe2203sp4.noarch.rpm rubygem-rexml-3.2.5-146.oe2203sp4.noarch.rpm rubygem-rss-0.2.9-146.oe2203sp4.noarch.rpm rubygem-test-unit-3.3.7-146.oe2203sp4.noarch.rpm rubygem-typeprof-0.15.2-146.oe2203sp4.noarch.rpm rubygems-3.2.32-146.oe2203sp4.noarch.rpm rubygems-devel-3.2.32-146.oe2203sp4.noarch.rpm ruby-help-3.2.2-154.oe2403sp1.noarch.rpm ruby-irb-3.2.2-154.oe2403sp1.noarch.rpm rubygem-did_you_mean-1.6.3-154.oe2403sp1.noarch.rpm rubygem-minitest-5.16.3-154.oe2403sp1.noarch.rpm rubygem-rake-13.0.6-154.oe2403sp1.noarch.rpm rubygem-rdoc-6.5.0-154.oe2403sp1.noarch.rpm rubygem-rexml-3.2.5-154.oe2403sp1.noarch.rpm rubygem-rss-0.2.9-154.oe2403sp1.noarch.rpm rubygem-test-unit-3.5.7-154.oe2403sp1.noarch.rpm rubygem-typeprof-0.21.3-154.oe2403sp1.noarch.rpm rubygems-3.4.10-154.oe2403sp1.noarch.rpm rubygems-devel-3.4.10-154.oe2403sp1.noarch.rpm ruby-help-3.2.2-154.oe2403sp3.noarch.rpm ruby-irb-3.2.2-154.oe2403sp3.noarch.rpm rubygem-did_you_mean-1.6.3-154.oe2403sp3.noarch.rpm rubygem-minitest-5.16.3-154.oe2403sp3.noarch.rpm rubygem-rake-13.0.6-154.oe2403sp3.noarch.rpm rubygem-rdoc-6.5.0-154.oe2403sp3.noarch.rpm rubygem-rexml-3.2.5-154.oe2403sp3.noarch.rpm rubygem-rss-0.2.9-154.oe2403sp3.noarch.rpm rubygem-test-unit-3.5.7-154.oe2403sp3.noarch.rpm rubygem-typeprof-0.21.3-154.oe2403sp3.noarch.rpm rubygems-3.4.10-154.oe2403sp3.noarch.rpm rubygems-devel-3.4.10-154.oe2403sp3.noarch.rpm ruby-2.5.8-138.oe2003sp4.aarch64.rpm ruby-debuginfo-2.5.8-138.oe2003sp4.aarch64.rpm ruby-debugsource-2.5.8-138.oe2003sp4.aarch64.rpm ruby-devel-2.5.8-138.oe2003sp4.aarch64.rpm rubygem-bigdecimal-1.3.4-138.oe2003sp4.aarch64.rpm rubygem-io-console-0.4.6-138.oe2003sp4.aarch64.rpm rubygem-json-2.1.0-138.oe2003sp4.aarch64.rpm rubygem-openssl-2.1.2-138.oe2003sp4.aarch64.rpm rubygem-psych-3.0.2-138.oe2003sp4.aarch64.rpm ruby-3.0.3-146.oe2203sp4.aarch64.rpm ruby-debuginfo-3.0.3-146.oe2203sp4.aarch64.rpm ruby-debugsource-3.0.3-146.oe2203sp4.aarch64.rpm ruby-devel-3.0.3-146.oe2203sp4.aarch64.rpm rubygem-bigdecimal-3.0.0-146.oe2203sp4.aarch64.rpm rubygem-io-console-0.5.7-146.oe2203sp4.aarch64.rpm rubygem-json-2.5.1-146.oe2203sp4.aarch64.rpm rubygem-openssl-2.2.1-146.oe2203sp4.aarch64.rpm rubygem-psych-3.3.2-146.oe2203sp4.aarch64.rpm ruby-3.2.2-154.oe2403sp1.aarch64.rpm ruby-bundled-gems-3.2.2-154.oe2403sp1.aarch64.rpm ruby-debuginfo-3.2.2-154.oe2403sp1.aarch64.rpm ruby-debugsource-3.2.2-154.oe2403sp1.aarch64.rpm ruby-devel-3.2.2-154.oe2403sp1.aarch64.rpm rubygem-bigdecimal-3.1.3-154.oe2403sp1.aarch64.rpm rubygem-io-console-0.6.0-154.oe2403sp1.aarch64.rpm rubygem-json-2.6.3-154.oe2403sp1.aarch64.rpm rubygem-openssl-3.1.0-154.oe2403sp1.aarch64.rpm rubygem-psych-5.0.1-154.oe2403sp1.aarch64.rpm rubygem-rbs-2.8.2-154.oe2403sp1.aarch64.rpm ruby-3.2.2-154.oe2403sp3.aarch64.rpm ruby-bundled-gems-3.2.2-154.oe2403sp3.aarch64.rpm ruby-debuginfo-3.2.2-154.oe2403sp3.aarch64.rpm ruby-debugsource-3.2.2-154.oe2403sp3.aarch64.rpm ruby-devel-3.2.2-154.oe2403sp3.aarch64.rpm rubygem-bigdecimal-3.1.3-154.oe2403sp3.aarch64.rpm rubygem-io-console-0.6.0-154.oe2403sp3.aarch64.rpm rubygem-json-2.6.3-154.oe2403sp3.aarch64.rpm rubygem-openssl-3.1.0-154.oe2403sp3.aarch64.rpm rubygem-psych-5.0.1-154.oe2403sp3.aarch64.rpm rubygem-rbs-2.8.2-154.oe2403sp3.aarch64.rpm Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. 2026-06-05 CVE-2026-42245 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ruby security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2578 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4. 2026-06-05 CVE-2026-42246 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 High 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N ruby security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2578 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. 2026-06-05 CVE-2026-42257 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ruby security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2578 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. 2026-06-05 CVE-2026-42258 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ruby security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2578