Description
ELSA-2024-10860: ruby:3.1 security update (IMPORTANT)
ruby [3.1.5-145]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761) Resolves: RHEL-68530
[3.1.5-144]
- Upgrade to Ruby 3.1.5. Resolves: RHEL-33978
- Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129
- Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121
- Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871
[3.1.4-143]
- Upgrade to Ruby 3.1.4. Resolves: RHEL-5586
- Fix HTTP response splitting in CGI. Resolves: RHEL-5591
- Fix ReDoS vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612
- Fix ReDoS vulnerability in Time. Resolves: RHEL-28920
- Make RDoc soft dependency in IRB. Resolves: RHEL-5613
[3.1.2-142]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590
- Disable fiddle tests that use FFI closures. Related: RHEL-5590
rubygem-mysql2 [0.5.4-1]
- New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773
[0.5.3-1]
- New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135
rubygem-pg
- Thu May 26 2022 Jarek Prokop - 1.3.5-1
- Update to pg 1.3.5 Related: rhbz#2063773
[1.2.3-1]
- Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135
Updated packages
Oracle Linux 9
Oracle Linux aarch64
Module ruby:3.1 is enabled
ruby 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-bundled-gems 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-default-gems 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-devel 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-doc 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-libs 3.1.5-145.module+el9.5.0+90461+45a3a727
rubygem-bigdecimal 3.1.1-145.module+el9.5.0+90461+45a3a727
rubygem-bundler 2.3.27-145.module+el9.5.0+90461+45a3a727
rubygem-io-console 0.5.11-145.module+el9.5.0+90461+45a3a727
rubygem-irb 1.4.1-145.module+el9.5.0+90461+45a3a727
rubygem-json 2.6.1-145.module+el9.5.0+90461+45a3a727
rubygem-minitest 5.15.0-145.module+el9.5.0+90461+45a3a727
rubygem-power_assert 2.0.1-145.module+el9.5.0+90461+45a3a727
rubygem-psych 4.0.4-145.module+el9.5.0+90461+45a3a727
rubygem-rake 13.0.6-145.module+el9.5.0+90461+45a3a727
rubygem-rbs 2.7.0-145.module+el9.5.0+90461+45a3a727
rubygem-rdoc 6.4.1.1-145.module+el9.5.0+90461+45a3a727
rubygem-rexml 3.2.5-145.module+el9.5.0+90461+45a3a727
rubygem-rss 0.2.9-145.module+el9.5.0+90461+45a3a727
rubygem-test-unit 3.5.3-145.module+el9.5.0+90461+45a3a727
rubygem-typeprof 0.21.3-145.module+el9.5.0+90461+45a3a727
rubygems 3.3.27-145.module+el9.5.0+90461+45a3a727
rubygems-devel 3.3.27-145.module+el9.5.0+90461+45a3a727
rubygem-mysql2 0.5.4-1.module+el9.1.0+20815+286161bd
rubygem-mysql2-doc 0.5.4-1.module+el9.1.0+20815+286161bd
rubygem-pg 1.3.5-1.module+el9.1.0+20815+286161bd
rubygem-pg-doc 1.3.5-1.module+el9.1.0+20815+286161bd
Oracle Linux x86_64
Module ruby:3.1 is enabled
ruby 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-bundled-gems 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-default-gems 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-devel 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-doc 3.1.5-145.module+el9.5.0+90461+45a3a727
ruby-libs 3.1.5-145.module+el9.5.0+90461+45a3a727
rubygem-bigdecimal 3.1.1-145.module+el9.5.0+90461+45a3a727
rubygem-bundler 2.3.27-145.module+el9.5.0+90461+45a3a727
rubygem-io-console 0.5.11-145.module+el9.5.0+90461+45a3a727
rubygem-irb 1.4.1-145.module+el9.5.0+90461+45a3a727
rubygem-json 2.6.1-145.module+el9.5.0+90461+45a3a727
rubygem-minitest 5.15.0-145.module+el9.5.0+90461+45a3a727
rubygem-power_assert 2.0.1-145.module+el9.5.0+90461+45a3a727
rubygem-psych 4.0.4-145.module+el9.5.0+90461+45a3a727
rubygem-rake 13.0.6-145.module+el9.5.0+90461+45a3a727
rubygem-rbs 2.7.0-145.module+el9.5.0+90461+45a3a727
rubygem-rdoc 6.4.1.1-145.module+el9.5.0+90461+45a3a727
rubygem-rexml 3.2.5-145.module+el9.5.0+90461+45a3a727
rubygem-rss 0.2.9-145.module+el9.5.0+90461+45a3a727
rubygem-test-unit 3.5.3-145.module+el9.5.0+90461+45a3a727
rubygem-typeprof 0.21.3-145.module+el9.5.0+90461+45a3a727
rubygems 3.3.27-145.module+el9.5.0+90461+45a3a727
rubygems-devel 3.3.27-145.module+el9.5.0+90461+45a3a727
rubygem-mysql2 0.5.4-1.module+el9.1.0+20815+286161bd
rubygem-mysql2-doc 0.5.4-1.module+el9.1.0+20815+286161bd
rubygem-pg 1.3.5-1.module+el9.1.0+20815+286161bd
rubygem-pg-doc 1.3.5-1.module+el9.1.0+20815+286161bd
Related CVEs
Related vulnerabilities
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch to fix the vulnerability.