Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-6785

Опубликовано: 19 сент. 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-6785: ruby:3.3 security update (MODERATE)

ruby [3.3.5-3]

  • Upgrade to Ruby 3.3.5 Resolves: RHEL-57576
  • Fix DoS vulnerability in rexml. (CVE-2024-39908) (CVE-2024-41946) (CVE-2024-43398) Resolves: RHEL-57573 Resolves: RHEL-57570 Resolves: RHEL-57578
  • Fix REXML DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>. (CVE-2024-41123) Resolves: RHEL-57567
  • Fix incorrect symlink for rubygem-irb's library. Resolves: RHEL-57597

[3.3.1-2]

  • Upgrade to Ruby 3.3.1. Resolves: RHEL-37697
  • Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699
  • Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696
  • Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-37698

[3.3.0-1]

  • Upgrade to Ruby 3.3.0. Resolves: RHEL-17089

[3.1.2-142]

  • Bypass git submodule test failure on Git >= 2.38.1.
  • Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
  • Fix for tzdata-2022g.
  • Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590
  • ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590
  • Disable fiddle tests that use FFI closures. Related: RHEL-5590

rubygem-mysql2 [0.5.5-1]

  • Upgrade to mysql2 0.5.5. Related: RHEL-17089

rubygem-pg [1.5.4-1]

  • Upgrade to pg 1.5.4. Related: RHEL-17089

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

Module ruby:3.3 is enabled

ruby

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-bundled-gems

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-default-gems

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-devel

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-doc

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-libs

3.3.5-3.module+el9.4.0+90406+79f381be

rubygem-bigdecimal

3.1.5-3.module+el9.4.0+90406+79f381be

rubygem-bundler

2.5.16-3.module+el9.4.0+90406+79f381be

rubygem-io-console

0.7.1-3.module+el9.4.0+90406+79f381be

rubygem-irb

1.13.1-3.module+el9.4.0+90406+79f381be

rubygem-json

2.7.1-3.module+el9.4.0+90406+79f381be

rubygem-minitest

5.20.0-3.module+el9.4.0+90406+79f381be

rubygem-mysql2

0.5.5-1.module+el9.4.0+90257+8524dee7

rubygem-mysql2-doc

0.5.5-1.module+el9.4.0+90257+8524dee7

rubygem-pg

1.5.4-1.module+el9.4.0+90257+8524dee7

rubygem-pg-doc

1.5.4-1.module+el9.4.0+90257+8524dee7

rubygem-power_assert

2.0.3-3.module+el9.4.0+90406+79f381be

rubygem-psych

5.1.2-3.module+el9.4.0+90406+79f381be

rubygem-racc

1.7.3-3.module+el9.4.0+90406+79f381be

rubygem-rake

13.1.0-3.module+el9.4.0+90406+79f381be

rubygem-rbs

3.4.0-3.module+el9.4.0+90406+79f381be

rubygem-rdoc

6.6.3.1-3.module+el9.4.0+90406+79f381be

rubygem-rexml

3.3.6-3.module+el9.4.0+90406+79f381be

rubygem-rss

0.3.1-3.module+el9.4.0+90406+79f381be

rubygem-test-unit

3.6.1-3.module+el9.4.0+90406+79f381be

rubygem-typeprof

0.21.9-3.module+el9.4.0+90406+79f381be

rubygems

3.5.16-3.module+el9.4.0+90406+79f381be

rubygems-devel

3.5.16-3.module+el9.4.0+90406+79f381be

Oracle Linux x86_64

Module ruby:3.3 is enabled

ruby

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-bundled-gems

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-default-gems

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-devel

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-doc

3.3.5-3.module+el9.4.0+90406+79f381be

ruby-libs

3.3.5-3.module+el9.4.0+90406+79f381be

rubygem-bigdecimal

3.1.5-3.module+el9.4.0+90406+79f381be

rubygem-bundler

2.5.16-3.module+el9.4.0+90406+79f381be

rubygem-io-console

0.7.1-3.module+el9.4.0+90406+79f381be

rubygem-irb

1.13.1-3.module+el9.4.0+90406+79f381be

rubygem-json

2.7.1-3.module+el9.4.0+90406+79f381be

rubygem-minitest

5.20.0-3.module+el9.4.0+90406+79f381be

rubygem-mysql2

0.5.5-1.module+el9.4.0+90257+8524dee7

rubygem-mysql2-doc

0.5.5-1.module+el9.4.0+90257+8524dee7

rubygem-pg

1.5.4-1.module+el9.4.0+90257+8524dee7

rubygem-pg-doc

1.5.4-1.module+el9.4.0+90257+8524dee7

rubygem-power_assert

2.0.3-3.module+el9.4.0+90406+79f381be

rubygem-psych

5.1.2-3.module+el9.4.0+90406+79f381be

rubygem-racc

1.7.3-3.module+el9.4.0+90406+79f381be

rubygem-rake

13.1.0-3.module+el9.4.0+90406+79f381be

rubygem-rbs

3.4.0-3.module+el9.4.0+90406+79f381be

rubygem-rdoc

6.6.3.1-3.module+el9.4.0+90406+79f381be

rubygem-rexml

3.3.6-3.module+el9.4.0+90406+79f381be

rubygem-rss

0.3.1-3.module+el9.4.0+90406+79f381be

rubygem-test-unit

3.6.1-3.module+el9.4.0+90406+79f381be

rubygem-typeprof

0.21.9-3.module+el9.4.0+90406+79f381be

rubygems

3.5.16-3.module+el9.4.0+90406+79f381be

rubygems-devel

3.5.16-3.module+el9.4.0+90406+79f381be

Связанные CVE

CVE-2024-41123
CVE-2024-41946
CVE-2024-43398
CVE-2024-39908

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2024-6784

oracle-oval
9 месяцев назад

ELSA-2024-6784: ruby:3.3 security update (MODERATE)

suse-cvrf логотип

SUSE-SU-2024:3874-1

suse-cvrf
8 месяцев назад

Security update for ruby2.5

suse-cvrf логотип

openSUSE-SU-2025:0129-1

suse-cvrf
2 месяца назад

Security update for rubygem-rexml

oracle-oval логотип

ELSA-2025-4488

oracle-oval
около 2 месяцев назад

ELSA-2025-4488: ruby:3.1 security update (MODERATE)

oracle-oval логотип

ELSA-2025-4063

oracle-oval
около 2 месяцев назад

ELSA-2025-4063: ruby:3.1 security update (MODERATE)