[ELSA-2024-3838] ruby security update
[3.0.7-162]
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-35740
- Fix HTTP response splitting in CGI.
Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-35747
[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-12724
[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.
[3.0.4-160]
- Upgrade to Ruby 3.0.4.
Resolves: rhbz#2096347
- OpenSSL test suite fixes due to disabled SHA1.
Resolves: rbhz#2107696
- Fix double free in Regexp compilation.
Resolves: CVE-2022-28738
- Fix buffer overrun in String-to-Float conversion.
Resolves: CVE-2022-28739
Affected
- ID
- ELSA-2024-3838
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2024-3838.html
- Published
-
2024-06-13T00:00:00
(7 months ago) - Modified
-
2024-06-13T00:00:00
(7 months ago) - Rights
- Copyright 2024 Oracle, Inc.
- Other Advisories
-
- ALAS2-2023-2084
- ALAS2-2024-2503
- ALAS2-2024-2634
- ALAS2-2024-2637
- ALPINE:CVE-2021-33621
- ALPINE:CVE-2023-28755
- ALPINE:CVE-2023-28756
- ALPINE:CVE-2024-27280
- ALPINE:CVE-2024-27281
- ALPINE:CVE-2024-27282
- ALSA-2023:3821
- ALSA-2023:7025
- ALSA-2024:1431
- ALSA-2024:1576
- ALSA-2024:3500
- ALSA-2024:3546
- ALSA-2024:3668
- ALSA-2024:3670
- ALSA-2024:3671
- ALSA-2024:3838
- ALSA-2024:4499
- AZURELINUX:40520-1
- AZURELINUX:40523-1
- CBLMARINER:40675-1
- CBLMARINER:40733-1
- DSA-5677-1
- ELSA-2023-3821
- ELSA-2023-7025
- ELSA-2024-1431
- ELSA-2024-1576
- ELSA-2024-3500
- ELSA-2024-3546
- ELSA-2024-3668
- ELSA-2024-3670
- ELSA-2024-3671
- ELSA-2024-4499
- FEDORA-2022-b9b710f199
- FEDORA-2022-ef96a58bbe
- FEDORA-2022-f0f6c6bec2
- FEDORA-2023-6b924d3b75
- FEDORA-2023-a7be7ea1aa
- FEDORA-2023-f58d72c700
- FEDORA-2024-14db7b21a2
- FEDORA-2024-31cac8b8ec
- FEDORA-2024-48bdd3abbf
- FREEBSD:2CE1A2F1-0177-11EF-A45E-08002784C58D
- FREEBSD:6BD2773C-CF1A-11ED-BD44-080027F5FEC9
- FREEBSD:84AB03B6-6C20-11ED-B519-080027F5FEC9
- FREEBSD:9B60BBA1-CF18-11ED-BD44-080027F5FEC9
- GLSA-202401-27
- GLSA-202406-03
- MS:CVE-2024-27281
- MS:CVE-2024-27282
- RHSA-2023:3291
- RHSA-2023:3821
- RHSA-2023:7025
- RHSA-2024:1431
- RHSA-2024:1576
- RHSA-2024:3500
- RHSA-2024:3546
- RHSA-2024:3668
- RHSA-2024:3670
- RHSA-2024:3671
- RHSA-2024:3838
- RHSA-2024:4499
- RHSA-2024:4542
- RUBYSEC:CGI-2021-33621
- RUBYSEC:RDOC-2024-27281
- RUBYSEC:STRINGIO-2024-27280
- RUBYSEC:TIME-2023-28756
- RUBYSEC:URI-2023-28755
- RUBYSEC:URI-2023-36617
- SSA:2022-328-01
- SSA:2023-090-01
- SSA:2024-114-01
- SUSE-SU-2023:4176-1
- USN-5806-1
- USN-5806-2
- USN-5806-3
- USN-6055-1
- USN-6055-2
- USN-6087-1
- USN-6181-1
- USN-6219-1
- USN-6838-1
- USN-6853-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2024-3838 | https://linux.oracle.com/errata/ELSA-2024-3838.html | |
CVE | CVE-2021-33621 | https://linux.oracle.com/cve/CVE-2021-33621.html | |
CVE | CVE-2024-27281 | https://linux.oracle.com/cve/CVE-2024-27281.html | |
CVE | CVE-2023-28756 | https://linux.oracle.com/cve/CVE-2023-28756.html | |
CVE | CVE-2024-27282 | https://linux.oracle.com/cve/CVE-2024-27282.html | |
CVE | CVE-2024-27280 | https://linux.oracle.com/cve/CVE-2024-27280.html | |
CVE | CVE-2023-28755 | https://linux.oracle.com/cve/CVE-2023-28755.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/rubygems?distro=oraclelinux-9.4 | oraclelinux | rubygems | < 3.2.33-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygems-devel?distro=oraclelinux-9.4 | oraclelinux | rubygems-devel | < 3.2.33-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-typeprof?distro=oraclelinux-9.4 | oraclelinux | rubygem-typeprof | < 0.15.2-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-test-unit?distro=oraclelinux-9.4 | oraclelinux | rubygem-test-unit | < 3.3.7-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rss?distro=oraclelinux-9.4 | oraclelinux | rubygem-rss | < 0.2.9-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rexml?distro=oraclelinux-9.4 | oraclelinux | rubygem-rexml | < 3.2.5-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rdoc?distro=oraclelinux-9.4 | oraclelinux | rubygem-rdoc | < 6.3.4.1-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rbs?distro=oraclelinux-9.4 | oraclelinux | rubygem-rbs | < 1.4.0-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rake?distro=oraclelinux-9.4 | oraclelinux | rubygem-rake | < 13.0.3-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-psych?distro=oraclelinux-9.4 | oraclelinux | rubygem-psych | < 3.3.2-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-power_assert?distro=oraclelinux-9.4 | oraclelinux | rubygem-power_assert | < 1.2.1-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-minitest?distro=oraclelinux-9.4 | oraclelinux | rubygem-minitest | < 5.14.2-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-json?distro=oraclelinux-9.4 | oraclelinux | rubygem-json | < 2.5.1-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-irb?distro=oraclelinux-9.4 | oraclelinux | rubygem-irb | < 1.3.5-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-io-console?distro=oraclelinux-9.4 | oraclelinux | rubygem-io-console | < 0.5.7-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-bundler?distro=oraclelinux-9.4 | oraclelinux | rubygem-bundler | < 2.2.33-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-bigdecimal?distro=oraclelinux-9.4 | oraclelinux | rubygem-bigdecimal | < 3.0.0-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/ruby?distro=oraclelinux-9.4 | oraclelinux | ruby | < 3.0.7-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-libs?distro=oraclelinux-9.4 | oraclelinux | ruby-libs | < 3.0.7-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-doc?distro=oraclelinux-9.4 | oraclelinux | ruby-doc | < 3.0.7-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-devel?distro=oraclelinux-9.4 | oraclelinux | ruby-devel | < 3.0.7-162.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-default-gems?distro=oraclelinux-9.4 | oraclelinux | ruby-default-gems | < 3.0.7-162.el9_4 | oraclelinux-9.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |