Description
ELSA-2024-4499: ruby security update (MODERATE)
ruby [2.5.9-112]
- Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. (CVE-2023-36617) Resolves: RHEL-5614
- Fix Buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-34125
- Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-34117
- Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-33867
- Fix REXML DoS parsing an XML with many <'s in an attribute value. (CVE-2024-35176) Resolves: RHEL-37877
rubygem-abrt rubygem-bson rubygem-bundler rubygem-mongo rubygem-mysql2 rubygem-pg
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module ruby:2.5 is enabled
ruby  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-devel  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-doc  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-irb  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-libs  2.5.9-112.module+el8.10.0+90367+ae9e8511
rubygem-abrt  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-abrt-doc  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-bigdecimal  1.3.4-112.module+el8.10.0+90367+ae9e8511
rubygem-bson  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-bson-doc  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-bundler  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-bundler-doc  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-did_you_mean  1.2.0-112.module+el8.10.0+90367+ae9e8511
rubygem-io-console  0.4.6-112.module+el8.10.0+90367+ae9e8511
rubygem-json  2.1.0-112.module+el8.10.0+90367+ae9e8511
rubygem-minitest  5.10.3-112.module+el8.10.0+90367+ae9e8511
rubygem-mongo  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mongo-doc  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mysql2  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-mysql2-doc  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-net-telnet  0.1.1-112.module+el8.10.0+90367+ae9e8511
rubygem-openssl  2.1.2-112.module+el8.10.0+90367+ae9e8511
rubygem-pg  1.0.0-3.module+el8.9.0+90042+a65659a6
rubygem-pg-doc  1.0.0-3.module+el8.9.0+90042+a65659a6
rubygem-power_assert  1.1.1-112.module+el8.10.0+90367+ae9e8511
rubygem-psych  3.0.2-112.module+el8.10.0+90367+ae9e8511
rubygem-rake  12.3.3-112.module+el8.10.0+90367+ae9e8511
rubygem-rdoc  6.0.1.1-112.module+el8.10.0+90367+ae9e8511
rubygem-test-unit  3.2.7-112.module+el8.10.0+90367+ae9e8511
rubygem-xmlrpc  0.3.0-112.module+el8.10.0+90367+ae9e8511
rubygems  2.7.6.3-112.module+el8.10.0+90367+ae9e8511
rubygems-devel  2.7.6.3-112.module+el8.10.0+90367+ae9e8511
Oracle Linux x86_64
Module ruby:2.5 is enabled
ruby  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-devel  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-doc  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-irb  2.5.9-112.module+el8.10.0+90367+ae9e8511
ruby-libs  2.5.9-112.module+el8.10.0+90367+ae9e8511
rubygem-abrt  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-abrt-doc  0.3.0-4.module+el8.10.0+90367+ae9e8511
rubygem-bigdecimal  1.3.4-112.module+el8.10.0+90367+ae9e8511
rubygem-bson  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-bson-doc  4.3.0-2.module+el8.9.0+90042+a65659a6
rubygem-bundler  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-bundler-doc  1.16.1-4.module+el8.10.0+90367+ae9e8511
rubygem-did_you_mean  1.2.0-112.module+el8.10.0+90367+ae9e8511
rubygem-io-console  0.4.6-112.module+el8.10.0+90367+ae9e8511
rubygem-json  2.1.0-112.module+el8.10.0+90367+ae9e8511
rubygem-minitest  5.10.3-112.module+el8.10.0+90367+ae9e8511
rubygem-mongo  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mongo-doc  2.5.1-2.module+el8.9.0+90042+a65659a6
rubygem-mysql2  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-mysql2-doc  0.4.10-4.module+el8.9.0+90042+a65659a6
rubygem-net-telnet  0.1.1-112.module+el8.10.0+90367+ae9e8511
rubygem-openssl  2.1.2-112.module+el8.10.0+90367+ae9e8511
rubygem-pg  1.0.0-3.module+el8.9.0+90042+a65659a6
rubygem-pg-doc  1.0.0-3.module+el8.9.0+90042+a65659a6
rubygem-power_assert  1.1.1-112.module+el8.10.0+90367+ae9e8511
rubygem-psych  3.0.2-112.module+el8.10.0+90367+ae9e8511
rubygem-rake  12.3.3-112.module+el8.10.0+90367+ae9e8511
rubygem-rdoc  6.0.1.1-112.module+el8.10.0+90367+ae9e8511
rubygem-test-unit  3.2.7-112.module+el8.10.0+90367+ae9e8511
rubygem-xmlrpc  0.3.0-112.module+el8.10.0+90367+ae9e8511
rubygems  2.7.6.3-112.module+el8.10.0+90367+ae9e8511
rubygems-devel  2.7.6.3-112.module+el8.10.0+90367+ae9e8511
References
Related vulnerabilities
ELSA-2024-3671: ruby:3.3 security, bug fix, and enhancement update (MODERATE)
ELSA-2024-3670: ruby:3.3 security, bug fix, and enhancement update (MODERATE)
ELSA-2024-3668: ruby:3.1 security, bug fix, and enhancement update (MODERATE)
ELSA-2024-3546: ruby:3.1 security, bug fix, and enhancement update (MODERATE)
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.