Oracle Linux 9 ELSA-2024-3668 Moderate: Ruby 3.1 Buffer Overread Fix
oracle
June 10, 2024
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Summary
ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871 [3.1.4-143] - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves: RHEL-5613 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FF...
Read the Full Advisory
SRPMs
Warning: Undefined array key "references" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3238872_8ef039c68d1d756f705e7dee9ba3d15b on line 11
http://oss.oracle.com/ol9/SRPMS-updates//ruby-3.1.5-144.module+el9.4.0+90348+c2ef46bf.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd.src.rpm
x86_64
ruby-3.1.5-144.module+el9.4.0+90348+c2ef46bf.i686.rpm ruby-3.1.5-144.module+el9.4.0+90348+c2ef46bf.x86_64.rpm ruby-bundled-gems-3.1.5-144.module+el9.4.0+90348+c2ef46bf.i686.rpm ruby-bundled-gems-3.1.5-144.module+el9.4.0+90348+c2ef46bf.x86_64.rpm ruby-default-gems-3.1.5-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm ruby-devel-3.1.5-144.module+el9.4.0+90348+c2ef46bf.i686.rpm ruby-devel-3.1.5-144.module+el9.4.0+90348+c2ef46bf.x86_64.rpm ruby-doc-3.1.5-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-bigdecimal-3.1.1-144.module+el9.4.0+90348+c2ef46bf.i686.rpm rubygem-bigdecimal-3.1.1-144.module+el9.4.0+90348+c2ef46bf.x86_64.rpm rubygem-bundler-2.3.27-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-io-console-0.5.11-144.module+el9.4.0+90348+c2ef46bf.i686.rpm rubygem-io-console-0.5.11-144.module+el9.4.0+90348+c2ef46bf.x86_64.rpm rubygem-irb-1.4.1-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-json-2.6.1-144.module+el9.4.0+90348+c2ef46bf.i686.rpm rubygem-json-2.6.1-144.module...
Read the Full Advisoryaarch64
ruby-3.1.5-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm ruby-bundled-gems-3.1.5-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm ruby-default-gems-3.1.5-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm ruby-devel-3.1.5-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm ruby-doc-3.1.5-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-bigdecimal-3.1.1-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm rubygem-bundler-2.3.27-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-io-console-0.5.11-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm rubygem-irb-1.4.1-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-json-2.6.1-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm rubygem-minitest-5.15.0-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd.aarch64.rpm rubygem-mysql2-doc-0.5.4-1.module+el9.1.0+20815+286161bd.noarch.rpm rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd.aarch64.rpm rubygem-pg-doc-1.3.5-1.module+el9.1.0+20815+286161bd.noarch.rpm rubygem-power_assert-2.0.1-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-psych-4.0.4-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm rubygem-rake-13.0.6-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-rbs-2.7.0-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm rubygem-rdoc-6.4.1.1-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-rexml-3.2.5-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-rss-0.2.9-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygems-3.3.27-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygems-devel-3.3.27-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-test-unit-3.5.3-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm rubygem-typeprof-0.21.3-144.module+el9.4.0+90348+c2ef46bf.noarch.rpm ruby-libs-3.1.5-144.module+el9.4.0+90348+c2ef46bf.aarch64.rpm
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Related CVEs:
CVE-2024-27280
CVE-2024-27281
CVE-2024-27282
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!