[ALAS2-2023-2084] Amazon Linux 2 2017.12 - ALAS2-2023-2084: medium priority package update for ruby
Severity
Medium
Affected Packages
34
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2023-28756:
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
- ID
- ALAS2-2023-2084
- Severity
- medium
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2023-2084.html
- Published
-
2023-06-07T23:52:00
(15 months ago) - Modified
-
2023-06-12T23:09:00
(15 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALPINE:CVE-2023-28756
-
ALSA-2023:3821
-
ALSA-2023:7025
-
ALSA-2024:1431
-
ALSA-2024:1576
-
ALSA-2024:3500
-
ALSA-2024:3838
-
ELSA-2023-3821
-
ELSA-2023-7025
-
ELSA-2024-1431
-
ELSA-2024-1576
-
ELSA-2024-3500
-
ELSA-2024-3838
-
FEDORA-2023-6b924d3b75
-
FEDORA-2023-a7be7ea1aa
-
FEDORA-2023-f58d72c700
-
FREEBSD:6BD2773C-CF1A-11ED-BD44-080027F5FEC9
-
GLSA-202401-27
-
RHSA-2023:3821
-
RHSA-2023:7025
-
RHSA-2024:1431
-
RHSA-2024:1576
-
RHSA-2024:3500
-
RHSA-2024:3838
-
RUBYSEC:TIME-2023-28756
-
SSA:2023-090-01
-
SUSE-SU-2023:4176-1
-
USN-6055-1
-
USN-6087-1
-
USN-6181-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2023-28756 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/rubygems?arch=noarch&distro=amazonlinux-2 | amazonlinux |
 rubygems
|
< 2.0.14.1-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygems-devel?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygems-devel
|
< 2.0.14.1-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-rdoc?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-rdoc
|
< 4.0.0-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-rake?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-rake
|
< 0.9.6-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-minitest?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-minitest
|
< 4.3.2-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-2 | amazonlinux |
ruby-irb
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby-doc?arch=noarch&distro=amazonlinux-2 | amazonlinux |
ruby-doc
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.4 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |