Critical Path Traversal Vulnerabilities in rubygem-yard for Fedora 43 and 44
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Keywords: path, traversal, mamoru, tasaka, backport, fixes, fedora
Severity indicators: path traversal
Summary
On June 5, 2026, Fedora released updates addressing critical path traversal vulnerabilities in the rubygem-yard documentation tool. The fixes were backported from versions 0.9.41 and 0.9.44 and apply to Fedora 43 and 44 systems. The vulnerabilities could allow unauthorized access to sensitive files, posing a significant risk to affected systems. The updates were announced by Mamoru Tasaka on May 28, 2026, and are available through the 'dnf' update program. The updated packages are 0.9.40-2 for Fedora 44 and 0.9.37-5 for Fedora 43. Administrators are urged to apply the updates promptly.

Key Points:
- Critical path traversal vulnerabilities identified in rubygem-yard for Fedora 43 and 44.
- Fixes backported from versions 0.9.41 and 0.9.44 to address the issues.
- Users must upgrade to patched versions to prevent unauthorized file access.
Detailed Analysis
**Impact** Users of Fedora 43 and Fedora 44 running the rubygem-yard package are affected by the path traversal vulnerabilities. This includes developers and organizations relying on YARD for Ruby documentation generation, potentially impacting software development and documentation workflows. No specific sectors, geographies, or data breach details are provided in the articles.

**Technical Details** The vulnerability involves path traversal issues in rubygem-yard versions prior to 0.9.41 and 0.9.44, allowing attackers to manipulate file paths during documentation generation. The updates backport fixes from versions 0.9.41 and 0.9.44 to Fedora 43 (version 0.9.37-5) and Fedora 44 (version 0.9.40-2). No CVE identifiers or specific attack tools, malware, or IOCs are mentioned in the articles.

**Recommended Response** Apply the security updates using the Fedora package manager: run `dnf upgrade --advisory FEDORA-2026-2d0a32ddc0` on Fedora 43 or `dnf upgrade --advisory FEDORA-2026-acefc1fe48` on Fedora 44. Monitor systems for unusual file access patterns related to documentation generation processes. No additional detection signatures or mitigation steps are provided in the source information.
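
To confirm that a host actually carries the fixed build after the upgrade, the following added example (not part of the Fedora advisories) compares an installed version-release against the builds named above. The function names are hypothetical, and it assumes that any build at or above the listed release contains the backport.

```bash
#!/usr/bin/env bash
# Added example: compare an installed rubygem-yard build with the fixed builds
# named in the advisory text (0.9.37-5 on Fedora 43, 0.9.40-2 on Fedora 44).

# Fixed version-release per Fedora release, taken from the page.
fixed_build() {
  case "$1" in
    43) echo "0.9.37-5" ;;
    44) echo "0.9.40-2" ;;
    *)  return 1 ;;
  esac
}

# yard_status <fedora_release> <installed version-release, dist tag optional>
# Prints "patched", "needs-update" or "unknown-release".
# Assumption: sort -V ordering is adequate for these purely numeric
# version-release strings; it is not a full RPM EVR comparison.
yard_status() {
  local rel installed fixed lowest
  rel="$1"
  installed="${2%.fc*}"   # drop a trailing dist tag such as .fc43
  fixed="$(fixed_build "$rel")" || { echo "unknown-release"; return 0; }
  lowest="$(printf '%s\n%s\n' "$fixed" "$installed" | sort -V | head -n 1)"
  if [ "$lowest" = "$fixed" ]; then echo "patched"; else echo "needs-update"; fi
}

# Live check on a Fedora host: reads the release from /etc/os-release and the
# installed build from the RPM database.
check_host() {
  local rel vr
  rel="$(. /etc/os-release && echo "$VERSION_ID")"
  vr="$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' rubygem-yard)" \
    || { echo "not-installed"; return 0; }
  yard_status "$rel" "$vr"
}
```

Source the file and call `check_host` on a Fedora machine, or feed `yard_status` the values collected from an inventory system.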
Source articles (2)
- Fedora 43 rubygem-yard Critical Path Traversal Advisory 2026 — Linuxsecurity · 2026-06-05
  * Thu May 28 2026 Mamoru TASAKA - 0.9.37-5 - Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues
- Fedora 44 rubygem-yard High Path Traversal Fix Vuln 2026 — Linuxsecurity · 2026-06-05
  * Thu May 28 2026 Mamoru TASAKA - 0.9.40-2 - Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues
Timeline
- 2026-05-28 — Backporting of fixes initiated: Mamoru Tasaka backported fixes for path traversal vulnerabilities in rubygem-yard for Fedora 43 and 44.
- 2026-06-05 — Updates released for Fedora 43 and 44: Fedora announced updates for rubygem-yard, addressing critical vulnerabilities affecting both versions.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-22 - Path Traversal (Cwe)
- Fedora (Company)
- Ruby (Platform)