exploitDog

ELSA-2022-6585

Published: 21 Sep 2022
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2022-6585: ruby security, bug fix, and enhancement update (MODERATE)

[3.0.4-160]

  • Upgrade to Ruby 3.0.4. Resolves: rhbz#2109428
  • OpenSSL test suite fixes due to disabled SHA1. Related: rbhz#2109428
  • Fix double free in Regexp compilation. Resolves: CVE-2022-28738
  • Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739

Updated packages

Oracle Linux 9

Oracle Linux aarch64

ruby                  3.0.4-160.el9_0
ruby-default-gems     3.0.4-160.el9_0
ruby-devel            3.0.4-160.el9_0
ruby-doc              3.0.4-160.el9_0
ruby-libs             3.0.4-160.el9_0
rubygem-bigdecimal    3.0.0-160.el9_0
rubygem-bundler       2.2.33-160.el9_0
rubygem-io-console    0.5.7-160.el9_0
rubygem-irb           1.3.5-160.el9_0
rubygem-json          2.5.1-160.el9_0
rubygem-minitest      5.14.2-160.el9_0
rubygem-power_assert  1.2.0-160.el9_0
rubygem-psych         3.3.2-160.el9_0
rubygem-rake          13.0.3-160.el9_0
rubygem-rbs           1.4.0-160.el9_0
rubygem-rdoc          6.3.3-160.el9_0
rubygem-rexml         3.2.5-160.el9_0
rubygem-rss           0.2.9-160.el9_0
rubygem-test-unit     3.3.7-160.el9_0
rubygem-typeprof      0.15.2-160.el9_0
rubygems              3.2.33-160.el9_0
rubygems-devel        3.2.33-160.el9_0

Oracle Linux x86_64

ruby                  3.0.4-160.el9_0
ruby-default-gems     3.0.4-160.el9_0
ruby-devel            3.0.4-160.el9_0
ruby-doc              3.0.4-160.el9_0
ruby-libs             3.0.4-160.el9_0
rubygem-bigdecimal    3.0.0-160.el9_0
rubygem-bundler       2.2.33-160.el9_0
rubygem-io-console    0.5.7-160.el9_0
rubygem-irb           1.3.5-160.el9_0
rubygem-json          2.5.1-160.el9_0
rubygem-minitest      5.14.2-160.el9_0
rubygem-power_assert  1.2.0-160.el9_0
rubygem-psych         3.3.2-160.el9_0
rubygem-rake          13.0.3-160.el9_0
rubygem-rbs           1.4.0-160.el9_0
rubygem-rdoc          6.3.3-160.el9_0
rubygem-rexml         3.2.5-160.el9_0
rubygem-rss           0.2.9-160.el9_0
rubygem-test-unit     3.3.7-160.el9_0
rubygem-typeprof      0.15.2-160.el9_0
rubygems              3.2.33-160.el9_0
rubygems-devel        3.2.33-160.el9_0

Related CVEs

Related vulnerabilities

rocky
more than 2 years ago

Moderate: ruby security, bug fix, and enhancement update

redos
about 3 years ago

Multiple vulnerabilities in Ruby

rocky
almost 3 years ago

Moderate: ruby:3.0 security, bug fix, and enhancement update

oracle-oval
almost 3 years ago

ELSA-2022-6450: ruby:3.0 security, bug fix, and enhancement update (MODERATE)

CVSS3: 9.8
ubuntu
about 3 years ago

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.