[FEDORA-2023-a7be7ea1aa] Fedora 36: ruby
Severity: Medium
Affected Packages: 1
CVEs: 2
Upgrade to Ruby 3.1.4.

* Fix ReDoS vulnerability in URI (CVE-2023-28755)
* Fix ReDoS vulnerability in Time (CVE-2023-28756)

Fix bundler improperly resolving archful gems in Gemfile.lock. (rhbz#2178171)

Package | Affected Version |
---|---|
pkg:rpm/fedora/ruby?distro=fedora-36 | < 3.1.4.175.fc36 |
- ID: FEDORA-2023-a7be7ea1aa
- Severity: medium
- Severity from: CVE-2023-28755
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a7be7ea1aa
- Published: 2023-04-21T01:25:27
- Modified: 2023-04-21T01:25:27
- Rights: Copyright 2023 Red Hat, Inc.
- Other Advisories:
- ALAS2-2023-2084
- ALPINE:CVE-2023-28755
- ALPINE:CVE-2023-28756
- ALSA-2023:3821
- ALSA-2023:7025
- ALSA-2024:1431
- ALSA-2024:1576
- ALSA-2024:3500
- ALSA-2024:3838
- ELSA-2023-3821
- ELSA-2023-7025
- ELSA-2024-1431
- ELSA-2024-1576
- ELSA-2024-3500
- ELSA-2024-3838
- FEDORA-2023-6b924d3b75
- FEDORA-2023-f58d72c700
- FEDORA-2024-31cac8b8ec
- FEDORA-2024-48bdd3abbf
- FREEBSD:6BD2773C-CF1A-11ED-BD44-080027F5FEC9
- FREEBSD:9B60BBA1-CF18-11ED-BD44-080027F5FEC9
- GLSA-202401-27
- RHSA-2023:3821
- RHSA-2023:7025
- RHSA-2024:1431
- RHSA-2024:1576
- RHSA-2024:3500
- RHSA-2024:3838
- RUBYSEC:TIME-2023-28756
- RUBYSEC:URI-2023-28755
- RUBYSEC:URI-2023-36617
- SSA:2023-090-01
- SUSE-SU-2023:4176-1
- USN-6055-1
- USN-6055-2
- USN-6087-1
- USN-6181-1
- USN-6219-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 2184061 | Bug #2184061 - CVE-2023-28756 ruby: ReDoS vulnerability in Time | https://bugzilla.redhat.com/show_bug.cgi?id=2184061 |
Bugzilla | 2184059 | Bug #2184059 - CVE-2023-28755 ruby: ReDoS vulnerability in URI | https://bugzilla.redhat.com/show_bug.cgi?id=2184059 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/ruby?distro=fedora-36 | fedora | ruby | < 3.1.4.175.fc36 | fedora-36 | | |