SUSE: 2024:3874-1 important: ruby2.5 Security Advisory Updates

suse

November 1, 2024

* bsc#1224390 * bsc#1228072 * bsc#1228794 * bsc#1228799 * bsc#1229673

Summary

## This update for ruby2.5 fixes the following issues: * CVE-2024-43398: Fixed DoS when parsing a XML that has many deep elements with the same local name attributes (bsc#1229673) * CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, >] and ]> (bsc#1228794) * CVE-2024-41946: Fixed DoS when parsing an XML that has many entity expansions with SAX2 or pull parser API (bsc#1228799) * CVE-2024-35176: Fixed DoS when parsing an XML that has many left angled brackets in an attribute value (bsc#1224390) * CVE-2024-39908: Fixed ReDos when parsing an XML that has many specific characters (bsc#1228072) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics Covered

No topics assigned

References

* bsc#1224390

* bsc#1228072

* bsc#1228794

* bsc#1228799

* bsc#1229673

Cross-

* CVE-2024-35176

* CVE-2024-39908

* CVE-2024-41123

* CVE-2024-41946

* CVE-2024-43398

CVSS scores:

* CVE-2024-35176 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-39908 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-41123 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2024-41123 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-41123 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-41123 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-41946 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:3874-1

Release Date: 2024-11-01T15:26:07Z

Rating: important

Topics Covered

No topics assigned

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:3874-1 important: ruby2.5 Security Advisory Updates

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:3874-1 important: ruby2.5 Security Advisory Updates

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!