ELA-1358-1 libxslt security update
Package : libxslt
Version : 1.1.28-2+deb8u8 (jessie), 1.1.29-2.1+deb9u4 (stretch), 1.1.32-2.2~deb10u3 (buster)
Related CVEs :
CVE-2024-55549
CVE-2025-24855
Two use-after-free vulnerabilities have been fixed in the XSLT processing library libxslt.
CVE-2024-55549
Use-after-free related to excluded namespaces
CVE-2025-24855
Use-after-free of XPath context node
ELA-1359-1 ruby2.5 security update
Package : ruby2.5
Version : 2.5.5-3+deb10u10 (buster)
Related CVEs :
CVE-2025-27219
CVE-2025-27220
CVE-2025-27221
Ruby, a popular scripting language, was affected by multiple vulnerabilities.
CVE-2025-27219
In the CGI gem, the CGI::Cookie.parse method in the CGI library
contains a potential Denial of Service (DoS) vulnerability.
The method does not impose any limit on the length of the raw cookie
value it processes. This oversight can lead to excessive
resource consumption when parsing extremely large cookies.
CVE-2025-27220
In the CGI gem, a Regular Expression Denial of Service (ReDoS)
vulnerability exists in the Util#escapeElement method.
CVE-2025-27221
In the URI gem, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained
even after changing the host.
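
For CVE-2025-27221, an added Ruby example (not part of the advisory or of the URI gem) that probes whether the installed URI library carries userinfo across a host change, and wraps URI.join so the result is the same on patched and unpatched versions. The helper names, hosts and credentials are constructed, and the policy of dropping inherited credentials whenever the reference names its own authority is an assumption of this example.

```ruby
require "uri"

# Constructed sample values; none of these hosts or credentials are real.
BASE_WITH_CREDS = "http://user:secret@a.example/app/"

# Probe: true if URI.join keeps the base URI's userinfo when a
# network-path reference ("//host/...") switches to another host.
def uri_join_retains_userinfo?
  !URI.join(BASE_WITH_CREDS, "//b.example/").userinfo.nil?
end

# Hypothetical wrapper around URI.join. If the reference supplies its own
# host but no userinfo, any userinfo on the result was inherited from the
# base and is removed before the URI is handed to an HTTP client or a log.
def join_without_inherited_userinfo(base, ref)
  ref_uri = URI.parse(ref.to_s)
  joined  = URI.join(base.to_s, ref.to_s)

  if ref_uri.host && ref_uri.userinfo.nil? && joined.userinfo
    # userinfo=(nil) is a no-op in URI::Generic, so clear both parts.
    joined.password = nil
    joined.user = nil
  end
  joined
end

if __FILE__ == $PROGRAM_NAME
  puts "URI.join retains userinfo across hosts: #{uri_join_retains_userinfo?}"
  [
    "status",                    # relative path: same host, credentials kept
    "//b.example/callback",      # other host: credentials must not follow
    "//svc:tok@b.example/cb"     # reference brings its own credentials
  ].each do |ref|
    puts "#{ref.ljust(26)} -> #{join_without_inherited_userinfo(BASE_WITH_CREDS, ref)}"
  end
end
```

Running the probe on a host before and after installing 2.5.5-3+deb10u10 shows whether the fixed library is the one actually being loaded.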