Amazon Linux 2023 Security Advisory: ALAS2023-2025-928
Advisory Released Date: 2025-04-14
Advisory Updated Date: 2025-04-14
Severity:
Medium
Issue Overview:
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. (CVE-2025-27221)
Affected Packages:
ruby3.2
Issue Correction:
Run dnf update ruby3.2 --releasever 2023.7.20250414 to update your system.
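A check for the behaviour described in the Issue Overview, together with a defensive join helper, added here as an example (it is not part of the advisory or of the URI gem). The host names, credentials and helper names are constructed for illustration, and a network-path reference (//host/path) is assumed as the input that changes the host:

```ruby
require "uri"

# Constructed sample values; hosts and credentials are placeholders.
BASE = "https://svc:s3cret@internal.example/app/"
CROSS_HOST_REF = "//other.example/callback" # network-path reference: replaces the host

# True when the loaded URI library still carries the base URL's userinfo
# over to a different host (the behaviour described in CVE-2025-27221).
def join_retains_userinfo?
  !URI.join(BASE, CROSS_HOST_REF).userinfo.nil?
end

# Hypothetical helper: join like URI.join, but drop credentials whenever the
# result no longer points at the base URL's scheme, host and port. This is
# deliberately conservative: credentials are removed on any origin change.
def join_without_credential_carryover(base, ref)
  base_uri = URI.parse(base.to_s)
  joined = URI.join(base.to_s, ref.to_s)
  same_origin = joined.scheme == base_uri.scheme &&
                joined.host.to_s.casecmp?(base_uri.host.to_s) &&
                joined.port == base_uri.port
  unless same_origin
    joined.password = nil # clear the password first, then the user
    joined.user = nil
  end
  joined
end

if __FILE__ == $PROGRAM_NAME
  version = defined?(URI::VERSION) ? URI::VERSION : "unknown"
  puts "URI #{version}: retains userinfo across hosts = #{join_retains_userinfo?}"
  puts join_without_credential_carryover(BASE, CROSS_HOST_REF)
  puts join_without_credential_carryover(BASE, "reports/1")
end
```

Running it with the system ruby3.2 before and after the update shows whether the installed library still retains userinfo across hosts.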
New Packages:
aarch64:
ruby3.2-rubygem-io-console-0.6.0-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-rbs-debuginfo-2.8.2-183.amzn2023.0.2.aarch64
ruby3.2-devel-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-psych-5.0.1-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-json-debuginfo-2.6.3-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-io-console-debuginfo-0.6.0-183.amzn2023.0.2.aarch64
ruby3.2-debugsource-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-psych-debuginfo-5.0.1-183.amzn2023.0.2.aarch64
ruby3.2-debuginfo-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-libs-debuginfo-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-bundled-gems-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-rbs-2.8.2-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-bigdecimal-3.1.3-183.amzn2023.0.2.aarch64
ruby3.2-rubygem-json-2.6.3-183.amzn2023.0.2.aarch64
ruby3.2-bundled-gems-debuginfo-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-3.2.7-183.amzn2023.0.2.aarch64
ruby3.2-libs-3.2.7-183.amzn2023.0.2.aarch64
noarch:
ruby3.2-default-gems-3.2.7-183.amzn2023.0.2.noarch
ruby3.2-rubygem-power_assert-2.0.3-183.amzn2023.0.2.noarch
ruby3.2-rubygem-irb-1.6.2-183.amzn2023.0.2.noarch
ruby3.2-rubygem-rdoc-6.5.1.1-183.amzn2023.0.2.noarch
ruby3.2-rubygem-rexml-3.3.9-183.amzn2023.0.2.noarch
ruby3.2-rubygem-rake-13.0.6-183.amzn2023.0.2.noarch
ruby3.2-rubygem-test-unit-3.5.7-183.amzn2023.0.2.noarch
ruby3.2-rubygems-3.4.19-183.amzn2023.0.2.noarch
ruby3.2-rubygems-devel-3.4.19-183.amzn2023.0.2.noarch
ruby3.2-rubygem-typeprof-0.21.3-183.amzn2023.0.2.noarch
ruby3.2-rubygem-rss-0.3.1-183.amzn2023.0.2.noarch
ruby3.2-rubygem-minitest-5.25.1-183.amzn2023.0.2.noarch
ruby3.2-rubygem-bundler-2.4.19-183.amzn2023.0.2.noarch
ruby3.2-doc-3.2.7-183.amzn2023.0.2.noarch
src:
ruby3.2-3.2.7-183.amzn2023.0.2.src
x86_64:
ruby3.2-rubygem-io-console-debuginfo-0.6.0-183.amzn2023.0.2.x86_64
ruby3.2-debugsource-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-bundled-gems-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-libs-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-libs-debuginfo-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-debuginfo-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-psych-debuginfo-5.0.1-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-rbs-debuginfo-2.8.2-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-psych-5.0.1-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-json-debuginfo-2.6.3-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-bigdecimal-3.1.3-183.amzn2023.0.2.x86_64
ruby3.2-bundled-gems-debuginfo-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-devel-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-3.2.7-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-json-2.6.3-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-rbs-2.8.2-183.amzn2023.0.2.x86_64
ruby3.2-rubygem-io-console-0.6.0-183.amzn2023.0.2.x86_64