
Oracle Linux 9: ELSA-2024-3671 Moderate: Ruby RCE And Buffer Overread Fixes

oracle
June 10, 2024
The update to Ruby 3.3.1 in Oracle Linux 9 addresses moderate-severity issues: a buffer overread in StringIO, a remote code execution (RCE) vulnerability in RDoc, and an arbitrary memory address read in Regex search.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

ruby
[3.3.1-2]
- Upgrade to Ruby 3.3.1.
  Resolves: RHEL-37697
- Fix buffer overread vulnerability in StringIO. (CVE-2024-27280)
  Resolves: RHEL-37699
- Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281)
  Resolves: RHEL-37696
- Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282)
  Resolves: RHEL-37698

rubygem-mysql2
[0.5.5-1]
- Upgrade to mysql2 0.5.5.
  Related: RHEL-17089

rubygem-pg
[1.5.4-1]
- Upgrade to pg 1.5.4.
  Related: RHEL-17089

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates//ruby-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//rubygem-mysql2-0.5.5-1.module+el9.4.0+90257+8524dee7.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//rubygem-pg-1.5.4-1.module+el9.4.0+90257+8524dee7.src.rpm

x86_64

ruby-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.i686.rpm
ruby-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.x86_64.rpm
ruby-bundled-gems-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.i686.rpm
ruby-bundled-gems-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.x86_64.rpm
ruby-default-gems-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
ruby-devel-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.i686.rpm
ruby-devel-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.x86_64.rpm
ruby-doc-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-bigdecimal-3.1.5-2.module+el9.4.0+90346+4cb4c4f5.i686.rpm
rubygem-bigdecimal-3.1.5-2.module+el9.4.0+90346+4cb4c4f5.x86_64.rpm
rubygem-bundler-2.5.9-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-io-console-0.7.1-2.module+el9.4.0+90346+4cb4c4f5.i686.rpm
rubygem-io-console-0.7.1-2.module+el9.4.0+90346+4cb4c4f5.x86_64.rpm
rubygem-irb-1.11.0-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-json-2.7.1-2.module+el9.4.0+90346+4cb4c4f5.i686.rpm
rubygem-json-2.7.1-2.module+el9.4.0+90346+4cb4c4f5.x86_64.rpm
...

aarch64

ruby-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
ruby-bundled-gems-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
ruby-default-gems-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
ruby-devel-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
ruby-doc-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-bigdecimal-3.1.5-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
rubygem-bundler-2.5.9-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-io-console-0.7.1-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
rubygem-irb-1.11.0-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-json-2.7.1-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
rubygem-minitest-5.20.0-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-mysql2-0.5.5-1.module+el9.4.0+90257+8524dee7.aarch64.rpm
rubygem-mysql2-doc-0.5.5-1.module+el9.4.0+90257+8524dee7.noarch.rpm
rubygem-pg-1.5.4-1.module+el9.4.0+90257+8524dee7.aarch64.rpm
rubygem-pg-doc-1.5.4-1.module+el9.4.0+90257+8524dee7.noarch.rpm
rubygem-power_assert-2.0.3-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-psych-5.1.2-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
rubygem-racc-1.7.3-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
rubygem-rake-13.1.0-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-rbs-3.4.0-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm
rubygem-rdoc-6.6.3.1-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-rexml-3.2.6-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-rss-0.3.0-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygems-3.5.9-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygems-devel-3.5.9-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-test-unit-3.6.1-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
rubygem-typeprof-0.21.9-2.module+el9.4.0+90346+4cb4c4f5.noarch.rpm
ruby-libs-3.3.1-2.module+el9.4.0+90346+4cb4c4f5.aarch64.rpm

Related CVEs: CVE-2024-27280 CVE-2024-27281 CVE-2024-27282
