Ubuntu alert USN-8137-1 (ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-8137-1] Ruby vulnerability
Date:
             
 
Wed, 01 Apr 2026 06:13:08 +0000
Message-ID:
             
 
<E1w7opA-0000QX-MF@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-8137-1
March 31, 2026

ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Ruby could be made to expose sensitive information.

Software Description:
- ruby3.3: Object-oriented scripting language
- ruby3.2: Object-oriented scripting language
- ruby3.0: Object-oriented scripting language
- ruby2.7: Object-oriented scripting language
- ruby2.5: Object-oriented scripting language
- ruby2.3: Object-oriented scripting language

Details:

It was discovered that the Ruby URI gem did not properly handle sensitive
information when combining URIs. A remote attacker could possibly use this
issue to leak authentication credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libruby3.3                      3.3.8-2ubuntu2.1
  ruby3.3                         3.3.8-2ubuntu2.1

Ubuntu 24.04 LTS
  libruby3.2                      3.2.3-1ubuntu0.24.04.7
  ruby3.2                         3.2.3-1ubuntu0.24.04.7

Ubuntu 22.04 LTS
  libruby3.0                      3.0.2-7ubuntu2.12
  ruby3.0                         3.0.2-7ubuntu2.12

Ubuntu 20.04 LTS
  libruby2.7                      2.7.0-5ubuntu1.18+esm4
                                  Available with Ubuntu Pro
  ruby2.7                         2.7.0-5ubuntu1.18+esm4
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libruby2.5                      2.5.1-1ubuntu1.16+esm7
                                  Available with Ubuntu Pro
  ruby2.5                         2.5.1-1ubuntu1.16+esm7
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libruby2.3                      2.3.1-2~ubuntu16.04.16+esm12
                                  Available with Ubuntu Pro
  ruby2.3                         2.3.1-2~ubuntu16.04.16+esm12
                                  Available with Ubuntu Pro
  ruby2.3-tcltk                   2.3.1-2~ubuntu16.04.16+esm12
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8137-1
  CVE-2025-61594

Package Information:
  https://launchpad.net/ubuntu/+source/ruby3.3/3.3.8-2ubunt...
  https://launchpad.net/ubuntu/+source/ruby3.2/3.2.3-1ubunt...
  https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubunt...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnMtYsACgkQcpJm3tlz
hgE6Ug/9EEhLDHBf0whr/C1HXlGbZIGBXOsEHPSFoLZlOH4w9xBxFXaLRQxICKsx
3cZJxlZ0HmpL98z8n2MVHk3QOsk1FBc3c4t7UoHmpOLzzc2/J6xc1E4cf2M/cvjJ
qFTyXYcN9QPGr67jAJI0hXSrZ6vij4E//ZgYioT4iOD3YWK+NTgGeYqX4R1+3j3N
i58PdkoSDNA6R1uuM7cd9WdqmHNg0YN54oAS1viGDxoy8OtmZOpnY1IL+jV3GQdt
PCDeXPutw1m9yyh78OYs/8270oFQqmWFIqap8XxDumlTwOKX2Gh0foGRwEqFDgxZ
bg05fsTpm/3zHdKVPAavmHMMCIHJDm5IaEFDgKuhJGZF3lHl6f4dOExhvdDgQynE
jRuCuSrMbrACXUu7iUhA7rCWvFP7yZeLtx/a/QbepAdt5Rk1KpkjIqdGmerMfqrg
A59tPsTEnIfDRh6nlSHfDhzQhpsdj9/MjCNNdmRkIdPLSOmhYP8PETBCTtTHoJ40
ssT+5fET+HVyqRSiub9HePHS2CSgr/TFZz+Zyun5EqSLCgF3QQnOYTYt8tThx9nz
gB8dkynqZ1R8Jyln2McOnhHaPSLBN3bZ3Wa5BR2ITD6x8yTvSulOj7W1mmgyelFE
u7HPCPKR7drEhIVD64dx73Hi+eGUMSqD1uT9C50Rf+JAYtPvqDA=
=q7aE
-----END PGP SIGNATURE-----