Oracle Linux 9 ELSA-2024-3838 Moderate: Addressing Buffer Overread Risks
oracle
June 13, 2024
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Summary
[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 [3.0.4-161] - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724 [3.0.4-160] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix File.utime test. [3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2096347 - OpenSSL test suite fixes due to disabled SHA1. Resolves: rbhz#2107696 - F...
Read the Full Advisory
SRPMs
http://oss.oracle.com/ol9/SRPMS-updates//ruby-3.0.7-162.el9_4.src.rpm
x86_64
ruby-3.0.7-162.el9_4.i686.rpm ruby-3.0.7-162.el9_4.x86_64.rpm ruby-default-gems-3.0.7-162.el9_4.noarch.rpm ruby-devel-3.0.7-162.el9_4.i686.rpm ruby-devel-3.0.7-162.el9_4.x86_64.rpm ruby-libs-3.0.7-162.el9_4.i686.rpm ruby-libs-3.0.7-162.el9_4.x86_64.rpm rubygem-bigdecimal-3.0.0-162.el9_4.x86_64.rpm rubygem-bundler-2.2.33-162.el9_4.noarch.rpm rubygem-io-console-0.5.7-162.el9_4.x86_64.rpm rubygem-irb-1.3.5-162.el9_4.noarch.rpm rubygem-json-2.5.1-162.el9_4.x86_64.rpm rubygem-minitest-5.14.2-162.el9_4.noarch.rpm rubygem-power_assert-1.2.1-162.el9_4.noarch.rpm rubygem-psych-3.3.2-162.el9_4.x86_64.rpm rubygem-rake-13.0.3-162.el9_4.noarch.rpm rubygem-rbs-1.4.0-162.el9_4.noarch.rpm rubygem-rdoc-6.3.4.1-162.el9_4.noarch.rpm rubygem-rexml-3.2.5-162.el9_4.noarch.rpm rubygem-rss-0.2.9-162.el9_4.noarch.rpm rubygem-test-unit-3.3.7-162.el9_4.noarch.rpm rubygem-typeprof-0.15.2-162.el9_4.noarch.rpm rubygems-3.2.33-162.el9_4.noarch.rpm rubygems-devel-3.2.33-162.el9_4.noarch.rpm ruby-doc-3.0.7-162.el9_...
Read the Full Advisoryaarch64
ruby-3.0.7-162.el9_4.aarch64.rpm ruby-default-gems-3.0.7-162.el9_4.noarch.rpm ruby-devel-3.0.7-162.el9_4.aarch64.rpm ruby-libs-3.0.7-162.el9_4.aarch64.rpm rubygem-bigdecimal-3.0.0-162.el9_4.aarch64.rpm rubygem-bundler-2.2.33-162.el9_4.noarch.rpm rubygem-io-console-0.5.7-162.el9_4.aarch64.rpm rubygem-irb-1.3.5-162.el9_4.noarch.rpm rubygem-json-2.5.1-162.el9_4.aarch64.rpm rubygem-minitest-5.14.2-162.el9_4.noarch.rpm rubygem-power_assert-1.2.1-162.el9_4.noarch.rpm rubygem-psych-3.3.2-162.el9_4.aarch64.rpm rubygem-rake-13.0.3-162.el9_4.noarch.rpm rubygem-rbs-1.4.0-162.el9_4.noarch.rpm rubygem-rdoc-6.3.4.1-162.el9_4.noarch.rpm rubygem-rexml-3.2.5-162.el9_4.noarch.rpm rubygem-rss-0.2.9-162.el9_4.noarch.rpm rubygem-test-unit-3.3.7-162.el9_4.noarch.rpm rubygem-typeprof-0.15.2-162.el9_4.noarch.rpm rubygems-3.2.33-162.el9_4.noarch.rpm rubygems-devel-3.2.33-162.el9_4.noarch.rpm ruby-doc-3.0.7-162.el9_4.noarch.rpm
PREVIOUS
NEXT
Related CVEs:
CVE-2021-33621
CVE-2023-28755
CVE-2023-28756
CVE-2024-27280
CVE-2024-27281
CVE-2024-27282
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!