[El-errata] ELSA-2026-33577 Important: Oracle Linux 9 ruby:4.0 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jul 7 23:13:38 UTC 2026


Oracle Linux Security Advisory ELSA-2026-33577

http://linux.oracle.com/errata/ELSA-2026-33577.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-4.0.3-33.module+el9.8.0+90938+383082f5.i686.rpm
ruby-4.0.3-33.module+el9.8.0+90938+383082f5.x86_64.rpm
ruby-bundled-gems-4.0.3-33.module+el9.8.0+90938+383082f5.i686.rpm
ruby-bundled-gems-4.0.3-33.module+el9.8.0+90938+383082f5.x86_64.rpm
ruby-default-gems-4.0.3-33.module+el9.8.0+90938+383082f5.noarch.rpm
ruby-devel-4.0.3-33.module+el9.8.0+90938+383082f5.i686.rpm
ruby-devel-4.0.3-33.module+el9.8.0+90938+383082f5.x86_64.rpm
ruby-doc-4.0.3-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-bigdecimal-4.0.1-33.module+el9.8.0+90938+383082f5.i686.rpm
rubygem-bigdecimal-4.0.1-33.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-bundler-4.0.6-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-io-console-0.8.2-33.module+el9.8.0+90938+383082f5.i686.rpm
rubygem-io-console-0.8.2-33.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-irb-1.16.0-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-json-2.18.0-33.module+el9.8.0+90938+383082f5.i686.rpm
rubygem-json-2.18.0-33.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-minitest-6.0.0-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-mysql2-0.5.7-1.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-mysql2-doc-0.5.7-1.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-pg-1.6.3-1.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-pg-doc-1.6.3-1.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-power_assert-3.0.1-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-psych-5.3.1-33.module+el9.8.0+90938+383082f5.i686.rpm
rubygem-psych-5.3.1-33.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-racc-1.8.1-33.module+el9.8.0+90938+383082f5.i686.rpm
rubygem-racc-1.8.1-33.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-rake-13.3.1-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-rbs-3.10.0-33.module+el9.8.0+90938+383082f5.i686.rpm
rubygem-rbs-3.10.0-33.module+el9.8.0+90938+383082f5.x86_64.rpm
rubygem-rdoc-7.0.3-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-rexml-3.4.4-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-rss-0.3.2-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygems-4.0.6-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygems-devel-4.0.6-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-test-unit-3.7.5-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-typeprof-0.31.1-33.module+el9.8.0+90938+383082f5.noarch.rpm
ruby-libs-4.0.3-33.module+el9.8.0+90938+383082f5.i686.rpm
ruby-libs-4.0.3-33.module+el9.8.0+90938+383082f5.x86_64.rpm

aarch64:
ruby-4.0.3-33.module+el9.8.0+90938+383082f5.aarch64.rpm
ruby-bundled-gems-4.0.3-33.module+el9.8.0+90938+383082f5.aarch64.rpm
ruby-default-gems-4.0.3-33.module+el9.8.0+90938+383082f5.noarch.rpm
ruby-devel-4.0.3-33.module+el9.8.0+90938+383082f5.aarch64.rpm
ruby-doc-4.0.3-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-bigdecimal-4.0.1-33.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-bundler-4.0.6-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-io-console-0.8.2-33.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-irb-1.16.0-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-json-2.18.0-33.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-minitest-6.0.0-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-mysql2-0.5.7-1.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-mysql2-doc-0.5.7-1.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-pg-1.6.3-1.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-pg-doc-1.6.3-1.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-power_assert-3.0.1-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-psych-5.3.1-33.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-racc-1.8.1-33.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-rake-13.3.1-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-rbs-3.10.0-33.module+el9.8.0+90938+383082f5.aarch64.rpm
rubygem-rdoc-7.0.3-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-rexml-3.4.4-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-rss-0.3.2-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygems-4.0.6-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygems-devel-4.0.6-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-test-unit-3.7.5-33.module+el9.8.0+90938+383082f5.noarch.rpm
rubygem-typeprof-0.31.1-33.module+el9.8.0+90938+383082f5.noarch.rpm
ruby-libs-4.0.3-33.module+el9.8.0+90938+383082f5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/ruby-4.0.3-33.module+el9.8.0+90938+383082f5.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rubygem-mysql2-0.5.7-1.module+el9.8.0+90938+383082f5.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rubygem-pg-1.6.3-1.module+el9.8.0+90938+383082f5.src.rpm

Related CVEs:

CVE-2026-42245
CVE-2026-42246
CVE-2026-42258




Description of changes:

ruby
[4.0.3-33]
- Fix Net::IMAP ResponseReader quadratic complexity vulnerability. (CVE-2026-42245)
  Resolves: RHEL-181690
- Fix Net::IMAP STARTTLS stripping vulnerability. (CVE-2026-42246)
  Resolves: RHEL-181771
- Fix Net::IMAP command injection vulnerability via unvalidated Symbol arguments. (CVE-2026-42258)
  Resolves: RHEL-181803

[4.0.3-32]
- Upgrade to Ruby 4.0.3.
  Resolves: RHEL-171933
- Fix ERB: Arbitrary code execution via deserialization bypass
 (CVE-2026-41316)
  Resolves: RHEL-171258
- Fix JSON: Denial of Service or Information Disclosure via format string injection
 (CVE-2026-33210)
 Resolves: RHEL-173458

rubygem-mysql2
[0.5.7-1]
- Upgrade to mysql2 0.5.7.
  Related: RHEL-142278

rubygem-pg
[1.6.3-1]
- Upgrade to pg 1.6.3
  Related: RHEL-142278




More information about the El-errata mailing list