Ruby vulnerabilities
Published: Mon, 15 Jun 2026 17:24
Summary
Ruby could allow unintended access to network services.
Details
It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security (TLS) encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption. (CVE-2026-42246) It was also discovered that Ruby's Net::IMAP library did not validate string arguments passed to certain commands. A remote attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2026-42257)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu bionic
ruby2.5→2.5.1-1ubuntu1.16+esm8apt_upgradeStandard apt upgrade. Install 2.5.1-1ubuntu1.16+esm8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.5
Most apt upgrades restart their service automatically. needrestart lists anything else.
libruby2.5→2.5.1-1ubuntu1.16+esm8apt_upgradeStandard apt upgrade. Install 2.5.1-1ubuntu1.16+esm8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libruby2.5
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.5→2.5.1-1ubuntu1.16+esm8apt_upgradeStandard apt upgrade. Install 2.5.1-1ubuntu1.16+esm8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.5
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.5-dev→2.5.1-1ubuntu1.16+esm8apt_upgradeStandard apt upgrade. Install 2.5.1-1ubuntu1.16+esm8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.5-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.5-doc→2.5.1-1ubuntu1.16+esm8apt_upgradeStandard apt upgrade. Install 2.5.1-1ubuntu1.16+esm8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.5-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu xenial
ruby2.3→2.3.1-2~ubuntu16.04.16+esm14apt_upgradeStandard apt upgrade. Install 2.3.1-2~ubuntu16.04.16+esm14 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.3
Most apt upgrades restart their service automatically. needrestart lists anything else.
libruby2.3→2.3.1-2~ubuntu16.04.16+esm14apt_upgradeStandard apt upgrade. Install 2.3.1-2~ubuntu16.04.16+esm14 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libruby2.3
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.3→2.3.1-2~ubuntu16.04.16+esm14apt_upgradeStandard apt upgrade. Install 2.3.1-2~ubuntu16.04.16+esm14 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.3
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.3-dev→2.3.1-2~ubuntu16.04.16+esm14apt_upgradeStandard apt upgrade. Install 2.3.1-2~ubuntu16.04.16+esm14 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.3-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.3-doc→2.3.1-2~ubuntu16.04.16+esm14apt_upgradeStandard apt upgrade. Install 2.3.1-2~ubuntu16.04.16+esm14 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.3-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
ruby2.3-tcltk→2.3.1-2~ubuntu16.04.16+esm14apt_upgradeStandard apt upgrade. Install 2.3.1-2~ubuntu16.04.16+esm14 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y ruby2.3-tcltk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8431-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8431-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.