Alerts This Week
Warning Icon 1 1,179
Alerts This Week
Warning Icon 1 1,179

Oracle Linux 9 ELSA-2024-10858 Important Ruby Update for ReDoS

oracle
Calendar Grey December 13, 2024
Oracle Linux Logo Esm H88
Red Hat Linux Security Update RHSA-2024-20497 delivers essential patches for Python, aimed at addressing vulnerabilities.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[3.0.7-163] - Fix REXML ReDoS vulnerability. (CVE-2024-49761) Resolves: rbhz#2322153 [3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 [3.0.4-161] - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724 [3.0.4-160] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix File.utime test.

Topics%20covered

Topics Covered

security advisory update threat important ruby oracle reDoS

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates//ruby-3.0.7-163.el9_5.src.rpm

x86_64

ruby-3.0.7-163.el9_5.i686.rpm ruby-3.0.7-163.el9_5.x86_64.rpm ruby-default-gems-3.0.7-163.el9_5.noarch.rpm ruby-devel-3.0.7-163.el9_5.i686.rpm ruby-devel-3.0.7-163.el9_5.x86_64.rpm ruby-libs-3.0.7-163.el9_5.i686.rpm ruby-libs-3.0.7-163.el9_5.x86_64.rpm rubygem-bigdecimal-3.0.0-163.el9_5.x86_64.rpm rubygem-bundler-2.2.33-163.el9_5.noarch.rpm rubygem-io-console-0.5.7-163.el9_5.x86_64.rpm rubygem-irb-1.3.5-163.el9_5.noarch.rpm rubygem-json-2.5.1-163.el9_5.x86_64.rpm rubygem-minitest-5.14.2-163.el9_5.noarch.rpm rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm rubygem-psych-3.3.2-163.el9_5.x86_64.rpm rubygem-rake-13.0.3-163.el9_5.noarch.rpm rubygem-rbs-1.4.0-163.el9_5.noarch.rpm rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm rubygem-rexml-3.2.5-163.el9_5.noarch.rpm rubygem-rss-0.2.9-163.el9_5.noarch.rpm rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm rubygems-3.2.33-163.el9_5.noarch.rpm rubygems-devel-3.2.33-163.el9_5.noarch.rpm ruby-doc-3.0.7-163.el9_...

Read the Full Advisory

aarch64

ruby-3.0.7-163.el9_5.aarch64.rpm ruby-default-gems-3.0.7-163.el9_5.noarch.rpm ruby-devel-3.0.7-163.el9_5.aarch64.rpm ruby-libs-3.0.7-163.el9_5.aarch64.rpm rubygem-bigdecimal-3.0.0-163.el9_5.aarch64.rpm rubygem-bundler-2.2.33-163.el9_5.noarch.rpm rubygem-io-console-0.5.7-163.el9_5.aarch64.rpm rubygem-irb-1.3.5-163.el9_5.noarch.rpm rubygem-json-2.5.1-163.el9_5.aarch64.rpm rubygem-minitest-5.14.2-163.el9_5.noarch.rpm rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm rubygem-psych-3.3.2-163.el9_5.aarch64.rpm rubygem-rake-13.0.3-163.el9_5.noarch.rpm rubygem-rbs-1.4.0-163.el9_5.noarch.rpm rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm rubygem-rexml-3.2.5-163.el9_5.noarch.rpm rubygem-rss-0.2.9-163.el9_5.noarch.rpm rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm rubygems-3.2.33-163.el9_5.noarch.rpm rubygems-devel-3.2.33-163.el9_5.noarch.rpm ruby-doc-3.0.7-163.el9_5.noarch.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2024-49761

Topics%20covered

Topics Covered

security advisory update threat important ruby oracle reDoS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here