Amazon Linux 2023 Security Advisory: ALAS2023-2025-1115
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-08-08
Severity:
Medium
Issue Overview:
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.
The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876. (CVE-2025-6442)
Affected Packages:
ruby3.2
Issue Correction:
Run dnf update ruby3.2 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1115 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
ruby3.2-rubygem-json-debuginfo-2.6.3-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-io-console-0.6.0-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-rbs-debuginfo-2.8.2-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-psych-debuginfo-5.0.1-184.amzn2023.0.2.aarch64
ruby3.2-libs-debuginfo-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-io-console-debuginfo-0.6.0-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-rbs-2.8.2-184.amzn2023.0.2.aarch64
ruby3.2-bundled-gems-debuginfo-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-184.amzn2023.0.2.aarch64
ruby3.2-debugsource-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-libs-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-debuginfo-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-bigdecimal-3.1.3-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-psych-5.0.1-184.amzn2023.0.2.aarch64
ruby3.2-bundled-gems-3.2.8-184.amzn2023.0.2.aarch64
ruby3.2-rubygem-json-2.6.3-184.amzn2023.0.2.aarch64
ruby3.2-devel-3.2.8-184.amzn2023.0.2.aarch64
noarch:
ruby3.2-rubygem-rexml-3.3.9-184.amzn2023.0.2.noarch
ruby3.2-rubygem-minitest-5.25.1-184.amzn2023.0.2.noarch
ruby3.2-rubygem-test-unit-3.5.7-184.amzn2023.0.2.noarch
ruby3.2-rubygem-rdoc-6.5.1.1-184.amzn2023.0.2.noarch
ruby3.2-rubygem-bundler-2.4.19-184.amzn2023.0.2.noarch
ruby3.2-rubygems-devel-3.4.19-184.amzn2023.0.2.noarch
ruby3.2-default-gems-3.2.8-184.amzn2023.0.2.noarch
ruby3.2-rubygem-power_assert-2.0.3-184.amzn2023.0.2.noarch
ruby3.2-rubygem-irb-1.6.2-184.amzn2023.0.2.noarch
ruby3.2-rubygem-typeprof-0.21.3-184.amzn2023.0.2.noarch
ruby3.2-rubygem-rss-0.3.1-184.amzn2023.0.2.noarch
ruby3.2-rubygem-rake-13.0.6-184.amzn2023.0.2.noarch
ruby3.2-rubygems-3.4.19-184.amzn2023.0.2.noarch
ruby3.2-doc-3.2.8-184.amzn2023.0.2.noarch
src:
ruby3.2-3.2.8-184.amzn2023.0.2.src
x86_64:
ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-184.amzn2023.0.2.x86_64
ruby3.2-devel-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-bundled-gems-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-psych-5.0.1-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-rbs-2.8.2-184.amzn2023.0.2.x86_64
ruby3.2-debugsource-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-libs-debuginfo-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-psych-debuginfo-5.0.1-184.amzn2023.0.2.x86_64
ruby3.2-debuginfo-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-json-debuginfo-2.6.3-184.amzn2023.0.2.x86_64
ruby3.2-libs-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-bigdecimal-3.1.3-184.amzn2023.0.2.x86_64
ruby3.2-bundled-gems-debuginfo-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-json-2.6.3-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-io-console-debuginfo-0.6.0-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-rbs-debuginfo-2.8.2-184.amzn2023.0.2.x86_64
ruby3.2-3.2.8-184.amzn2023.0.2.x86_64
ruby3.2-rubygem-io-console-0.6.0-184.amzn2023.0.2.x86_64