Description
ELSA-2024-10834: ruby:3.1 security update (IMPORTANT)
ruby [3.1.5-144]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761) Resolves: RHEL-68520
rubygem-abrt rubygem-mysql2 rubygem-pg
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module ruby:3.1 is enabled
ruby 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-bundled-gems 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-default-gems 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-devel 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-doc 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-libs 3.1.5-144.module+el8.10.0+90462+7a5de0fa
rubygem-abrt 0.4.0-1.module+el8.9.0+90182+7bdfc9e5
rubygem-abrt-doc 0.4.0-1.module+el8.9.0+90182+7bdfc9e5
rubygem-bigdecimal 3.1.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-bundler 2.3.27-144.module+el8.10.0+90462+7a5de0fa
rubygem-io-console 0.5.11-144.module+el8.10.0+90462+7a5de0fa
rubygem-irb 1.4.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-json 2.6.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-minitest 5.15.0-144.module+el8.10.0+90462+7a5de0fa
rubygem-mysql2 0.5.3-3.module+el8.9.0+90182+7bdfc9e5
rubygem-mysql2-doc 0.5.3-3.module+el8.9.0+90182+7bdfc9e5
rubygem-pg 1.3.2-1.module+el8.9.0+90182+7bdfc9e5
rubygem-pg-doc 1.3.2-1.module+el8.9.0+90182+7bdfc9e5
rubygem-power_assert 2.0.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-psych 4.0.4-144.module+el8.10.0+90462+7a5de0fa
rubygem-rake 13.0.6-144.module+el8.10.0+90462+7a5de0fa
rubygem-rbs 2.7.0-144.module+el8.10.0+90462+7a5de0fa
rubygem-rdoc 6.4.1.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-rexml 3.2.5-144.module+el8.10.0+90462+7a5de0fa
rubygem-rss 0.2.9-144.module+el8.10.0+90462+7a5de0fa
rubygem-test-unit 3.5.3-144.module+el8.10.0+90462+7a5de0fa
rubygem-typeprof 0.21.3-144.module+el8.10.0+90462+7a5de0fa
rubygems 3.3.27-144.module+el8.10.0+90462+7a5de0fa
rubygems-devel 3.3.27-144.module+el8.10.0+90462+7a5de0fa
Oracle Linux x86_64
Module ruby:3.1 is enabled
ruby 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-bundled-gems 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-default-gems 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-devel 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-doc 3.1.5-144.module+el8.10.0+90462+7a5de0fa
ruby-libs 3.1.5-144.module+el8.10.0+90462+7a5de0fa
rubygem-bigdecimal 3.1.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-bundler 2.3.27-144.module+el8.10.0+90462+7a5de0fa
rubygem-io-console 0.5.11-144.module+el8.10.0+90462+7a5de0fa
rubygem-irb 1.4.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-json 2.6.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-minitest 5.15.0-144.module+el8.10.0+90462+7a5de0fa
rubygem-power_assert 2.0.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-psych 4.0.4-144.module+el8.10.0+90462+7a5de0fa
rubygem-rake 13.0.6-144.module+el8.10.0+90462+7a5de0fa
rubygem-rbs 2.7.0-144.module+el8.10.0+90462+7a5de0fa
rubygem-rdoc 6.4.1.1-144.module+el8.10.0+90462+7a5de0fa
rubygem-rexml 3.2.5-144.module+el8.10.0+90462+7a5de0fa
rubygem-rss 0.2.9-144.module+el8.10.0+90462+7a5de0fa
rubygem-test-unit 3.5.3-144.module+el8.10.0+90462+7a5de0fa
rubygem-typeprof 0.21.3-144.module+el8.10.0+90462+7a5de0fa
rubygems 3.3.27-144.module+el8.10.0+90462+7a5de0fa
rubygems-devel 3.3.27-144.module+el8.10.0+90462+7a5de0fa
rubygem-abrt 0.4.0-1.module+el8.9.0+90182+7bdfc9e5
rubygem-abrt-doc 0.4.0-1.module+el8.9.0+90182+7bdfc9e5
rubygem-mysql2 0.5.3-3.module+el8.9.0+90182+7bdfc9e5
rubygem-mysql2-doc 0.5.3-3.module+el8.9.0+90182+7bdfc9e5
rubygem-pg 1.3.2-1.module+el8.9.0+90182+7bdfc9e5
rubygem-pg-doc 1.3.2-1.module+el8.9.0+90182+7bdfc9e5
Related CVEs
Related vulnerabilities
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch to fix the vulnerability.