ELSA-2024-3838

Опубликовано: 13 июн. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-3838: ruby security update (MODERATE)

[3.0.7-162]

Upgrade to Ruby 3.0.7. Resolves: RHEL-35740
Fix HTTP response splitting in CGI. Resolves: RHEL-35741
Fix ReDoS vulnerability in URI. Resolves: RHEL-35742
Fix ReDoS vulnerability in Time. Resolves: RHEL-35743
Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744
Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746
Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747

[3.0.4-161]

Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724
ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724

[3.0.4-160]

Bypass git submodule test failure on Git >= 2.38.1.
Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
Fix for tzdata-2022g.
Fix File.utime test.

[3.0.4-160]

Upgrade to Ruby 3.0.4. Resolves: rhbz#2096347
OpenSSL test suite fixes due to disabled SHA1. Resolves: rbhz#2107696
Fix double free in Regexp compilation. Resolves: CVE-2022-28738
Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

ruby

3.0.7-162.el9_4

ruby-default-gems

3.0.7-162.el9_4

ruby-devel

3.0.7-162.el9_4

ruby-doc

3.0.7-162.el9_4

ruby-libs

3.0.7-162.el9_4

rubygem-bigdecimal

3.0.0-162.el9_4

rubygem-bundler

2.2.33-162.el9_4

rubygem-io-console

0.5.7-162.el9_4

rubygem-irb

1.3.5-162.el9_4

rubygem-json

2.5.1-162.el9_4

rubygem-minitest

5.14.2-162.el9_4

rubygem-power_assert

1.2.1-162.el9_4

rubygem-psych

3.3.2-162.el9_4

rubygem-rake

13.0.3-162.el9_4

rubygem-rbs

1.4.0-162.el9_4

rubygem-rdoc

6.3.4.1-162.el9_4

rubygem-rexml

3.2.5-162.el9_4

rubygem-rss

0.2.9-162.el9_4

rubygem-test-unit

3.3.7-162.el9_4

rubygem-typeprof

0.15.2-162.el9_4

rubygems

3.2.33-162.el9_4

rubygems-devel

3.2.33-162.el9_4

Oracle Linux x86_64

ruby

3.0.7-162.el9_4

ruby-default-gems

3.0.7-162.el9_4

ruby-devel

3.0.7-162.el9_4

ruby-doc

3.0.7-162.el9_4

ruby-libs

3.0.7-162.el9_4

rubygem-bigdecimal

3.0.0-162.el9_4

rubygem-bundler

2.2.33-162.el9_4

rubygem-io-console

0.5.7-162.el9_4

rubygem-irb

1.3.5-162.el9_4

rubygem-json

2.5.1-162.el9_4

rubygem-minitest

5.14.2-162.el9_4

rubygem-power_assert

1.2.1-162.el9_4

rubygem-psych

3.3.2-162.el9_4

rubygem-rake

13.0.3-162.el9_4

rubygem-rbs

1.4.0-162.el9_4

rubygem-rdoc

6.3.4.1-162.el9_4

rubygem-rexml

3.2.5-162.el9_4

rubygem-rss

0.2.9-162.el9_4

rubygem-test-unit

3.3.7-162.el9_4

rubygem-typeprof

0.15.2-162.el9_4

rubygems

3.2.33-162.el9_4

rubygems-devel

3.2.33-162.el9_4

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2024-3500

oracle-oval

около 1 года назад

ELSA-2024-3500: ruby:3.0 security update (MODERATE)

ELSA-2023-3821

oracle-oval

почти 2 года назад

ELSA-2023-3821: ruby:2.7 security, bug fix, and enhancement update (MODERATE)

SUSE-SU-2023:4176-1

suse-cvrf

больше 1 года назад

Security update for ruby2.5

ELSA-2024-1576

oracle-oval

около 1 года назад

ELSA-2024-1576: ruby:3.1 security, bug fix, and enhancement update (MODERATE)

ELSA-2024-1431

oracle-oval

больше 1 года назад

ELSA-2024-1431: ruby:3.1 security, bug fix, and enhancement update (MODERATE)