[USN-6838-1] Ruby vulnerabilities

Severity Medium
Affected Packages 16
CVEs 2

Several security issues were fixed in Ruby.

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If
a user or automated system were tricked into parsing a specially crafted
.rdoc_options file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2024-27281)

It was discovered that the Ruby regex compiler incorrectly handled certain
memory operations. A remote attacker could possibly use this issue to
obtain sensitive memory contents. (CVE-2024-27282)

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/ruby3.2?distro=noble | ubuntu | ruby3.2 | < 3.2.3-1ubuntu0.24.04.1 | noble | | |
| Affected | pkg:deb/ubuntu/ruby3.2-doc?distro=noble | ubuntu | ruby3.2-doc | < 3.2.3-1ubuntu0.24.04.1 | noble | | |
| Affected | pkg:deb/ubuntu/ruby3.2-dev?distro=noble | ubuntu | ruby3.2-dev | < 3.2.3-1ubuntu0.24.04.1 | noble | | |
| Affected | pkg:deb/ubuntu/ruby3.1?distro=mantic | ubuntu | ruby3.1 | < 3.1.2-7ubuntu3.2 | mantic | | |
| Affected | pkg:deb/ubuntu/ruby3.1-doc?distro=mantic | ubuntu | ruby3.1-doc | < 3.1.2-7ubuntu3.2 | mantic | | |
| Affected | pkg:deb/ubuntu/ruby3.1-dev?distro=mantic | ubuntu | ruby3.1-dev | < 3.1.2-7ubuntu3.2 | mantic | | |
| Affected | pkg:deb/ubuntu/ruby3.0?distro=jammy | ubuntu | ruby3.0 | < 3.0.2-7ubuntu2.6 | jammy | | |
| Affected | pkg:deb/ubuntu/ruby3.0-doc?distro=jammy | ubuntu | ruby3.0-doc | < 3.0.2-7ubuntu2.6 | jammy | | |
| Affected | pkg:deb/ubuntu/ruby3.0-dev?distro=jammy | ubuntu | ruby3.0-dev | < 3.0.2-7ubuntu2.6 | jammy | | |
| Affected | pkg:deb/ubuntu/ruby2.7?distro=focal | ubuntu | ruby2.7 | < 2.7.0-5ubuntu1.13 | focal | | |
| Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=focal | ubuntu | ruby2.7-doc | < 2.7.0-5ubuntu1.13 | focal | | |
| Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=focal | ubuntu | ruby2.7-dev | < 2.7.0-5ubuntu1.13 | focal | | |
| Affected | pkg:deb/ubuntu/libruby3.2?distro=noble | ubuntu | libruby3.2 | < 3.2.3-1ubuntu0.24.04.1 | noble | | |
| Affected | pkg:deb/ubuntu/libruby3.1?distro=mantic | ubuntu | libruby3.1 | < 3.1.2-7ubuntu3.2 | mantic | | |
| Affected | pkg:deb/ubuntu/libruby3.0?distro=jammy | ubuntu | libruby3.0 | < 3.0.2-7ubuntu2.6 | jammy | | |
| Affected | pkg:deb/ubuntu/libruby2.7?distro=focal | ubuntu | libruby2.7 | < 2.7.0-5ubuntu1.13 | focal | | |