ELSA-2023-12064

Опубликовано: 20 янв. 2023

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2023-12064: ruby:2.5 security update (IMPORTANT)

ruby [2.5.9-110.0.1]

Fix for CVE-2022-28739 [Orabug: 34824177]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module ruby:2.5 is enabled

ruby

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-devel

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-doc

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-irb

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-libs

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-abrt

0.3.0-4.module+el8.3.0+7756+e45777e9

rubygem-abrt-doc

0.3.0-4.module+el8.3.0+7756+e45777e9

rubygem-bigdecimal

1.3.4-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-bson

4.3.0-2.module+el8.3.0+7756+e45777e9

rubygem-bson-doc

4.3.0-2.module+el8.3.0+7756+e45777e9

rubygem-bundler

1.16.1-4.module+el8.6.0+20712+84e27c2d

rubygem-bundler-doc

1.16.1-4.module+el8.6.0+20712+84e27c2d

rubygem-did_you_mean

1.2.0-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-io-console

0.4.6-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-json

2.1.0-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-minitest

5.10.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-mongo

2.5.1-2.module+el8.3.0+7756+e45777e9

rubygem-mongo-doc

2.5.1-2.module+el8.3.0+7756+e45777e9

rubygem-mysql2

0.4.10-4.module+el8.3.0+7756+e45777e9

rubygem-mysql2-doc

0.4.10-4.module+el8.3.0+7756+e45777e9

rubygem-net-telnet

0.1.1-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-openssl

2.1.2-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-pg

1.0.0-2.module+el8.3.0+7756+e45777e9

rubygem-pg-doc

1.0.0-2.module+el8.3.0+7756+e45777e9

rubygem-power_assert

1.1.1-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-psych

3.0.2-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-rake

12.3.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-rdoc

6.0.1.1-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-test-unit

3.2.7-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-xmlrpc

0.3.0-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygems

2.7.6.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygems-devel

2.7.6.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

Oracle Linux x86_64

Module ruby:2.5 is enabled

ruby

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-devel

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-doc

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-irb

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

ruby-libs

2.5.9-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-abrt

0.3.0-4.module+el8.3.0+7756+e45777e9

rubygem-abrt-doc

0.3.0-4.module+el8.3.0+7756+e45777e9

rubygem-bigdecimal

1.3.4-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-bson

4.3.0-2.module+el8.3.0+7756+e45777e9

rubygem-bson-doc

4.3.0-2.module+el8.3.0+7756+e45777e9

rubygem-bundler

1.16.1-4.module+el8.6.0+20712+84e27c2d

rubygem-bundler-doc

1.16.1-4.module+el8.6.0+20712+84e27c2d

rubygem-did_you_mean

1.2.0-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-io-console

0.4.6-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-json

2.1.0-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-minitest

5.10.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-mongo

2.5.1-2.module+el8.3.0+7756+e45777e9

rubygem-mongo-doc

2.5.1-2.module+el8.3.0+7756+e45777e9

rubygem-mysql2

0.4.10-4.module+el8.3.0+7756+e45777e9

rubygem-mysql2-doc

0.4.10-4.module+el8.3.0+7756+e45777e9

rubygem-net-telnet

0.1.1-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-openssl

2.1.2-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-pg

1.0.0-2.module+el8.3.0+7756+e45777e9

rubygem-pg-doc

1.0.0-2.module+el8.3.0+7756+e45777e9

rubygem-power_assert

1.1.1-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-psych

3.0.2-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-rake

12.3.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-rdoc

6.0.1.1-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-test-unit

3.2.7-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygem-xmlrpc

0.3.0-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygems

2.7.6.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

rubygems-devel

2.7.6.3-110.0.1.module+el8.6.0+20904+a5ad2c6b

Связанные CVE

CVE-2022-28739

Ссылки на источники

Связанные уязвимости

CVE-2022-28739

CVSS3: 7.5

ubuntu

около 3 лет назад

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVE-2022-28739

CVSS3: 6.2

redhat

около 3 лет назад

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVE-2022-28739

CVSS3: 7.5

nvd

около 3 лет назад

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVE-2022-28739

CVSS3: 7.5

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-28739

CVSS3: 7.5

debian

около 3 лет назад

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...