{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2024:1431","synopsis":"Moderate: ruby:3.1 security, bug fix, and enhancement update","severity":"SEVERITY_MODERATE","topic":"An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nThe following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-28565)\n\nSecurity Fix(es):\n\n* ruby\/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)\n\n* ruby: ReDoS vulnerability in URI (CVE-2023-28755)\n\n* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)\n\n* ruby: ReDoS vulnerability in Time (CVE-2023-28756)\n\nBug Fix(es):\n\n* ruby\/rubygem-irb: IRB has hard dependency on rubygem-rdoc (Rocky Linux-28569)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2149706","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2149706","description":""},{"ticket":"2184059","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2184059","description":""},{"ticket":"2184061","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2184061","description":""},{"ticket":"2218614","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2218614","description":""}],"cves":[{"name":"CVE-2021-33621","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33621","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-28755","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-28755","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-28756","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-28756","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-36617","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-36617","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2024-03-27T04:34:32.999941Z","rpms":{"Rocky Linux 8":{"nvras":["ruby-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.src.rpm","ruby-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-bundled-gems-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-bundled-gems-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-bundled-gems-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-bundled-gems-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-bundled-gems-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-bundled-gems-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-debugsource-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-debugsource-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-debugsource-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-default-gems-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","ruby-devel-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-devel-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-devel-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-doc-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-abrt-0:0.4.0-1.module+el8.5.0+668+665814fa.noarch.rpm","rubygem-abrt-0:0.4.0-1.module+el8.5.0+668+665814fa.src.rpm","rubygem-abrt-doc-0:0.4.0-1.module+el8.5.0+668+665814fa.noarch.rpm","rubygem-bigdecimal-0:3.1.1-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-bigdecimal-0:3.1.1-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-bigdecimal-0:3.1.1-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-bigdecimal-debuginfo-0:3.1.1-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-bigdecimal-debuginfo-0:3.1.1-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-bigdecimal-debuginfo-0:3.1.1-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-bundler-0:2.3.26-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-io-console-0:0.5.11-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-io-console-0:0.5.11-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-io-console-0:0.5.11-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-io-console-debuginfo-0:0.5.11-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-io-console-debuginfo-0:0.5.11-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-io-console-debuginfo-0:0.5.11-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-irb-0:1.4.1-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-json-0:2.6.1-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-json-0:2.6.1-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-json-0:2.6.1-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-json-debuginfo-0:2.6.1-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-json-debuginfo-0:2.6.1-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-json-debuginfo-0:2.6.1-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-minitest-0:5.15.0-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-mysql2-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-mysql2-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.src.rpm","rubygem-mysql2-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-mysql2-debuginfo-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-mysql2-debuginfo-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-mysql2-debugsource-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-mysql2-debugsource-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-mysql2-doc-0:0.5.3-3.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-pg-0:1.3.2-1.module+el8.7.0+1081+f0a69743.aarch64.rpm","rubygem-pg-0:1.3.2-1.module+el8.7.0+1081+f0a69743.src.rpm","rubygem-pg-0:1.3.2-1.module+el8.7.0+1081+f0a69743.x86_64.rpm","rubygem-pg-debuginfo-0:1.3.2-1.module+el8.7.0+1081+f0a69743.aarch64.rpm","rubygem-pg-debuginfo-0:1.3.2-1.module+el8.7.0+1081+f0a69743.x86_64.rpm","rubygem-pg-debugsource-0:1.3.2-1.module+el8.7.0+1081+f0a69743.aarch64.rpm","rubygem-pg-debugsource-0:1.3.2-1.module+el8.7.0+1081+f0a69743.x86_64.rpm","rubygem-pg-doc-0:1.3.2-1.module+el8.7.0+1081+f0a69743.noarch.rpm","rubygem-power_assert-0:2.0.1-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-psych-0:4.0.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-psych-0:4.0.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-psych-0:4.0.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-psych-debuginfo-0:4.0.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-psych-debuginfo-0:4.0.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-psych-debuginfo-0:4.0.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-rake-0:13.0.6-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-rbs-0:2.7.0-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-rbs-0:2.7.0-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-rbs-0:2.7.0-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-rbs-debuginfo-0:2.7.0-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","rubygem-rbs-debuginfo-0:2.7.0-142.module+el8.9.0+1759+ff68ae72.i686.rpm","rubygem-rbs-debuginfo-0:2.7.0-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","rubygem-rdoc-0:6.4.0-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-rexml-0:3.2.5-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-rss-0:0.2.9-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygems-0:3.3.26-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygems-devel-0:3.3.26-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-test-unit-0:3.5.3-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","rubygem-typeprof-0:0.21.3-142.module+el8.9.0+1759+ff68ae72.noarch.rpm","ruby-libs-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-libs-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-libs-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm","ruby-libs-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.aarch64.rpm","ruby-libs-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.i686.rpm","ruby-libs-debuginfo-0:3.1.4-142.module+el8.9.0+1759+ff68ae72.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}