Description
ELSA-2024-10850: ruby:2.5 security update (IMPORTANT)
ruby [2.5.9-113.0.1]
- Fix REXML ReDoS vulnerability CVE-2024-49761.
rubygem-abrt [0.3.0-4]
- Execute test suite unconditionally.
- Upload correct sources.
rubygem-bson rubygem-bundler rubygem-mongo [2.5.1-2]
- Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz#1710863
rubygem-mysql2 [0.4.10-4]
rubygem-pg [1.0.0-3]
- Fix FTBFS with PostgreSQL 10.6 and above.
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module ruby:2.5 is enabled
ruby  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-devel  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-doc  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-irb  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-libs  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-abrt  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-abrt-doc  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-bigdecimal  1.3.4-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-bundler  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-bundler-doc  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-did_you_mean  1.2.0-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-io-console  0.4.6-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-json  2.1.0-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-minitest  5.10.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-net-telnet  0.1.1-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-openssl  2.1.2-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-power_assert  1.1.1-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-psych  3.0.2-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-rake  12.3.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-rdoc  6.0.1.1-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-test-unit  3.2.7-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-xmlrpc  0.3.0-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygems  2.7.6.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygems-devel  2.7.6.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-mongo-doc  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-pg  1.0.0-3.module+el8.9.0+90042+a65659a6
rubygem-bson  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-bson-doc  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-mongo  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mysql2  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-mysql2-doc  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-pg-doc  1.0.0-3.module+el8.9.0+90042+a65659a6
Oracle Linux x86_64
Module ruby:2.5 is enabled
ruby  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-devel  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-doc  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-irb  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
ruby-libs  2.5.9-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-abrt  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-abrt-doc  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-bigdecimal  1.3.4-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-bundler  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-bundler-doc  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-did_you_mean  1.2.0-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-io-console  0.4.6-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-json  2.1.0-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-minitest  5.10.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-net-telnet  0.1.1-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-openssl  2.1.2-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-power_assert  1.1.1-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-psych  3.0.2-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-rake  12.3.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-rdoc  6.0.1.1-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-test-unit  3.2.7-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-xmlrpc  0.3.0-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygems  2.7.6.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygems-devel  2.7.6.3-113.0.1.module+el8.10.0+90463+6f2d71f2
rubygem-bson  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-bson-doc  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-mongo  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mongo-doc  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mysql2  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-mysql2-doc  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-pg  1.0.0-3.module+el8.9.0+90042+a65659a6
rubygem-pg-doc  1.0.0-3.module+el8.9.0+90042+a65659a6
Related CVEs
Related vulnerabilities
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch to fix the vulnerability.