Description
ELSA-2024-10858: ruby security update (IMPORTANT)
[3.0.7-163]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761) Resolves: rbhz#2322153
[3.0.7-162]
- Upgrade to Ruby 3.0.7. Resolves: RHEL-35740
- Fix HTTP response splitting in CGI. Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI. Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time. Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747
[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724
[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.
Updated packages
Oracle Linux 9
Oracle Linux aarch64
ruby-doc              3.0.7-163.el9_5
ruby                  3.0.7-163.el9_5
ruby-default-gems     3.0.7-163.el9_5
ruby-devel            3.0.7-163.el9_5
ruby-libs             3.0.7-163.el9_5
rubygem-bigdecimal    3.0.0-163.el9_5
rubygem-bundler       2.2.33-163.el9_5
rubygem-io-console    0.5.7-163.el9_5
rubygem-irb           1.3.5-163.el9_5
rubygem-json          2.5.1-163.el9_5
rubygem-minitest      5.14.2-163.el9_5
rubygem-power_assert  1.2.1-163.el9_5
rubygem-psych         3.3.2-163.el9_5
rubygem-rake          13.0.3-163.el9_5
rubygem-rbs           1.4.0-163.el9_5
rubygem-rdoc          6.3.4.1-163.el9_5
rubygem-rexml         3.2.5-163.el9_5
rubygem-rss           0.2.9-163.el9_5
rubygem-test-unit     3.3.7-163.el9_5
rubygem-typeprof      0.15.2-163.el9_5
rubygems              3.2.33-163.el9_5
rubygems-devel        3.2.33-163.el9_5
Oracle Linux x86_64
ruby                  3.0.7-163.el9_5
ruby-default-gems     3.0.7-163.el9_5
ruby-devel            3.0.7-163.el9_5
ruby-libs             3.0.7-163.el9_5
rubygem-bigdecimal    3.0.0-163.el9_5
rubygem-bundler       2.2.33-163.el9_5
rubygem-io-console    0.5.7-163.el9_5
rubygem-irb           1.3.5-163.el9_5
rubygem-json          2.5.1-163.el9_5
rubygem-minitest      5.14.2-163.el9_5
rubygem-power_assert  1.2.1-163.el9_5
rubygem-psych         3.3.2-163.el9_5
rubygem-rake          13.0.3-163.el9_5
rubygem-rbs           1.4.0-163.el9_5
rubygem-rdoc          6.3.4.1-163.el9_5
rubygem-rexml         3.2.5-163.el9_5
rubygem-rss           0.2.9-163.el9_5
rubygem-test-unit     3.3.7-163.el9_5
rubygem-typeprof      0.15.2-163.el9_5
rubygems              3.2.33-163.el9_5
rubygems-devel        3.2.33-163.el9_5
ruby-doc              3.0.7-163.el9_5
Related CVEs
Related vulnerabilities
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch to fix the vulnerability.