[USN-6838-1] Ruby vulnerabilities

Affected Packages 16
CVEs 2

Several security issues were fixed in Ruby.

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If
a user or automated system were tricked into parsing a specially crafted
.rdoc_options file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2024-27281)

It was discovered that the Ruby regex compiler incorrectly handled certain
memory operations. A remote attacker could possibly use this issue to
obtain sensitive memory contents. (CVE-2024-27282)

Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/ruby3.2?distro=noble ubuntu ruby3.2 < 3.2.3-1ubuntu0.24.04.1 noble
Affected pkg:deb/ubuntu/ruby3.2-doc?distro=noble ubuntu ruby3.2-doc < 3.2.3-1ubuntu0.24.04.1 noble
Affected pkg:deb/ubuntu/ruby3.2-dev?distro=noble ubuntu ruby3.2-dev < 3.2.3-1ubuntu0.24.04.1 noble
Affected pkg:deb/ubuntu/ruby3.1?distro=mantic ubuntu ruby3.1 < 3.1.2-7ubuntu3.2 mantic
Affected pkg:deb/ubuntu/ruby3.1-doc?distro=mantic ubuntu ruby3.1-doc < 3.1.2-7ubuntu3.2 mantic
Affected pkg:deb/ubuntu/ruby3.1-dev?distro=mantic ubuntu ruby3.1-dev < 3.1.2-7ubuntu3.2 mantic
Affected pkg:deb/ubuntu/ruby3.0?distro=jammy ubuntu ruby3.0 < 3.0.2-7ubuntu2.6 jammy
Affected pkg:deb/ubuntu/ruby3.0-doc?distro=jammy ubuntu ruby3.0-doc < 3.0.2-7ubuntu2.6 jammy
Affected pkg:deb/ubuntu/ruby3.0-dev?distro=jammy ubuntu ruby3.0-dev < 3.0.2-7ubuntu2.6 jammy
Affected pkg:deb/ubuntu/ruby2.7?distro=focal ubuntu ruby2.7 < 2.7.0-5ubuntu1.13 focal
Affected pkg:deb/ubuntu/ruby2.7-doc?distro=focal ubuntu ruby2.7-doc < 2.7.0-5ubuntu1.13 focal
Affected pkg:deb/ubuntu/ruby2.7-dev?distro=focal ubuntu ruby2.7-dev < 2.7.0-5ubuntu1.13 focal
Affected pkg:deb/ubuntu/libruby3.2?distro=noble ubuntu libruby3.2 < 3.2.3-1ubuntu0.24.04.1 noble
Affected pkg:deb/ubuntu/libruby3.1?distro=mantic ubuntu libruby3.1 < 3.1.2-7ubuntu3.2 mantic
Affected pkg:deb/ubuntu/libruby3.0?distro=jammy ubuntu libruby3.0 < 3.0.2-7ubuntu2.6 jammy
Affected pkg:deb/ubuntu/libruby2.7?distro=focal ubuntu libruby2.7 < 2.7.0-5ubuntu1.13 focal
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date