Amazon Linux 2023 Security Advisory: ALAS2023-2025-1204
Advisory Released Date: 2025-09-29
Advisory Updated Date: 2025-09-29
Severity:
Low
Issue Overview:
REXML is an XML toolkit for Ruby. The REXML gem versions from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be affected by this vulnerability. REXML gem 3.4.2 and later include the patch that fixes it. (CVE-2025-58767)
Affected Packages:
ruby3.2
Issue Correction:
Run dnf update ruby3.2 --releasever 2023.9.20250929 or dnf update --advisory ALAS2023-2025-1204 --releasever 2023.9.20250929 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
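Added example, not part of the advisory: the dnf update replaces the system rexml gem, but an application that pins rexml in its own Gemfile.lock keeps loading the pinned version. The Ruby code below flags rexml versions in the affected range stated above (3.3.3 to 3.4.1), both among installed gems and in a lockfile; the function names and the sample lockfile are constructed for illustration.

```ruby
# Added example (not from the advisory). Flags REXML versions inside the
# affected range given in the Issue Overview: 3.3.3 to 3.4.1 inclusive.
AFFECTED_MIN = Gem::Version.new("3.3.3")
AFFECTED_MAX = Gem::Version.new("3.4.1")

# True when the version string falls inside the advisory's affected range.
def rexml_affected?(version)
  v = Gem::Version.new(version)
  v >= AFFECTED_MIN && v <= AFFECTED_MAX
end

# Resolved gems in Gemfile.lock are indented four spaces: "    rexml (3.3.9)".
# Dependency lines (six spaces) are constraints, not resolved versions; skip them.
def locked_rexml_versions(lock_text)
  lock_text.scan(/^ {4}rexml \(([^)\s]+)\)\s*$/).flatten.uniq
end

# rexml versions visible to this interpreter (system package and user gems).
def installed_rexml_versions
  Gem::Specification.select { |s| s.name == "rexml" }.map { |s| s.version.to_s }.uniq
end

# One [source, version, affected?] row per finding.
def rexml_report(lock_text = nil)
  rows = installed_rexml_versions.map { |v| ["installed", v, rexml_affected?(v)] }
  rows += locked_rexml_versions(lock_text).map { |v| ["Gemfile.lock", v, rexml_affected?(v)] } if lock_text
  rows
end

# Constructed sample lockfile, used when no path is given on the command line.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rexml (3.3.9)
      rss (0.3.1)
        rexml

  DEPENDENCIES
    rss
LOCK

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  rexml_report(text).each { |src, v, bad| puts format("%-12s rexml %-8s %s", src, v, bad ? "AFFECTED" : "ok") }
end
```

Pass the path to an application's Gemfile.lock as the first argument to check that application instead of the constructed sample.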
New Packages:
aarch64:
ruby3.2-rubygem-rbs-debuginfo-2.8.2-184.amzn2023.0.6.aarch64
ruby3.2-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-devel-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-libs-debuginfo-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-json-debuginfo-2.6.3-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-psych-debuginfo-5.0.1-184.amzn2023.0.6.aarch64
ruby3.2-debugsource-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-rbs-2.8.2-184.amzn2023.0.6.aarch64
ruby3.2-bundled-gems-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-debuginfo-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-libs-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-io-console-0.6.0-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-psych-5.0.1-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-json-2.6.3-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-bigdecimal-3.1.3-184.amzn2023.0.6.aarch64
ruby3.2-bundled-gems-debuginfo-3.2.8-184.amzn2023.0.6.aarch64
ruby3.2-rubygem-io-console-debuginfo-0.6.0-184.amzn2023.0.6.aarch64
noarch:
ruby3.2-rubygem-minitest-5.25.1-184.amzn2023.0.6.noarch
ruby3.2-rubygem-rake-13.0.6-184.amzn2023.0.6.noarch
ruby3.2-rubygem-rss-0.3.1-184.amzn2023.0.6.noarch
ruby3.2-rubygem-typeprof-0.21.3-184.amzn2023.0.6.noarch
ruby3.2-rubygem-rexml-3.4.2-184.amzn2023.0.6.noarch
ruby3.2-default-gems-3.2.8-184.amzn2023.0.6.noarch
ruby3.2-rubygems-devel-3.4.19-184.amzn2023.0.6.noarch
ruby3.2-rubygem-bundler-2.4.19-184.amzn2023.0.6.noarch
ruby3.2-rubygem-irb-1.6.2-184.amzn2023.0.6.noarch
ruby3.2-rubygem-test-unit-3.5.7-184.amzn2023.0.6.noarch
ruby3.2-rubygem-rdoc-6.5.1.1-184.amzn2023.0.6.noarch
ruby3.2-rubygem-power_assert-2.0.3-184.amzn2023.0.6.noarch
ruby3.2-rubygems-3.4.19-184.amzn2023.0.6.noarch
ruby3.2-doc-3.2.8-184.amzn2023.0.6.noarch
src:
ruby3.2-3.2.8-184.amzn2023.0.6.src
x86_64:
ruby3.2-rubygem-json-debuginfo-2.6.3-184.amzn2023.0.6.x86_64
ruby3.2-debugsource-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-psych-debuginfo-5.0.1-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-rbs-debuginfo-2.8.2-184.amzn2023.0.6.x86_64
ruby3.2-debuginfo-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-rbs-2.8.2-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-184.amzn2023.0.6.x86_64
ruby3.2-bundled-gems-debuginfo-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-json-2.6.3-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-io-console-0.6.0-184.amzn2023.0.6.x86_64
ruby3.2-devel-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-psych-5.0.1-184.amzn2023.0.6.x86_64
ruby3.2-bundled-gems-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-bigdecimal-3.1.3-184.amzn2023.0.6.x86_64
ruby3.2-rubygem-io-console-debuginfo-0.6.0-184.amzn2023.0.6.x86_64
ruby3.2-libs-debuginfo-3.2.8-184.amzn2023.0.6.x86_64
ruby3.2-libs-3.2.8-184.amzn2023.0.6.x86_64