Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:6450

Опубликовано: 13 сент. 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431)

Security Fix(es):

  • ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)

  • ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

  • Ruby: Double free in Regexp compilation (CVE-2022-28738)

  • Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • ruby 3.0: User-installed rubygems plugins are not being loaded [Rocky Linux8] (BZ#2110981)

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
rubyx86_64141.module+el8.6.0+1002+a7dba0acruby-3.0.4-141.module+el8.6.0+1002+a7dba0ac.x86_64.rpm
ruby-default-gemsnoarch141.module+el8.6.0+1002+a7dba0acruby-default-gems-3.0.4-141.module+el8.6.0+1002+a7dba0ac.noarch.rpm
ruby-develx86_64141.module+el8.6.0+1002+a7dba0acruby-devel-3.0.4-141.module+el8.6.0+1002+a7dba0ac.x86_64.rpm
ruby-docnoarch141.module+el8.6.0+1002+a7dba0acruby-doc-3.0.4-141.module+el8.6.0+1002+a7dba0ac.noarch.rpm
rubygem-abrtnoarch1.module+el8.5.0+668+665814farubygem-abrt-0.4.0-1.module+el8.5.0+668+665814fa.noarch.rpm
rubygem-abrt-docnoarch1.module+el8.5.0+668+665814farubygem-abrt-doc-0.4.0-1.module+el8.5.0+668+665814fa.noarch.rpm
rubygem-bigdecimalx86_64141.module+el8.6.0+1002+a7dba0acrubygem-bigdecimal-3.0.0-141.module+el8.6.0+1002+a7dba0ac.x86_64.rpm
rubygem-bundlernoarch141.module+el8.6.0+1002+a7dba0acrubygem-bundler-2.2.33-141.module+el8.6.0+1002+a7dba0ac.noarch.rpm
rubygem-io-consolex86_64141.module+el8.6.0+1002+a7dba0acrubygem-io-console-0.5.7-141.module+el8.6.0+1002+a7dba0ac.x86_64.rpm
rubygem-irbnoarch141.module+el8.6.0+1002+a7dba0acrubygem-irb-1.3.5-141.module+el8.6.0+1002+a7dba0ac.noarch.rpm

Показывать по

Связанные CVE

CVE-2021-41817
CVE-2021-41819
CVE-2022-28738
CVE-2022-28739

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2022-6450

oracle-oval
почти 3 года назад

ELSA-2022-6450: ruby:3.0 security, bug fix, and enhancement update (MODERATE)

rocky логотип

RLSA-2022:6447

rocky
почти 3 года назад

Moderate: ruby:2.7 security, bug fix, and enhancement update

oracle-oval логотип

ELSA-2022-6447

oracle-oval
почти 3 года назад

ELSA-2022-6447: ruby:2.7 security, bug fix, and enhancement update (MODERATE)

rocky логотип

RLSA-2022:5779

rocky
почти 3 года назад

Moderate: ruby:2.5 security update

oracle-oval логотип

ELSA-2022-5779

oracle-oval
почти 3 года назад

ELSA-2022-5779: ruby:2.5 security update (MODERATE)