[Apollo] Advisories Statistics light light Login

RLSA-2024:4499

Security Mirrored from RHSA-2024:4499
Issued at: 2024-07-15
Updated at: 2024-07-15

Synopsis

Moderate: ruby security update



Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)

* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)

* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)

* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)

* REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2218614 2270749 2270750 2276810 2280894

CVEs

CVE-2023-36617 CVE-2024-27280 CVE-2024-27281 CVE-2024-27282 CVE-2024-35176

Affected packages

Rocky Linux 8 aarch64 - AppStream

ruby-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm ruby-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.src.rpm ruby-debuginfo-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm ruby-debugsource-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm ruby-devel-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm ruby-doc-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-abrt-0:0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm rubygem-abrt-0:0.3.0-4.module+el8.5.0+738+032c9c02.src.rpm rubygem-abrt-doc-0:0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm rubygem-bigdecimal-0:1.3.4-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-bigdecimal-debuginfo-0:1.3.4-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-bson-0:4.3.0-2.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-bson-0:4.3.0-2.module+el8.9.0+1536+5f79634e.src.rpm rubygem-bson-debuginfo-0:4.3.0-2.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-bson-debugsource-0:4.3.0-2.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-bson-doc-0:4.3.0-2.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-bundler-0:1.16.1-4.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-bundler-0:1.16.1-4.module+el8.9.0+1536+5f79634e.src.rpm rubygem-bundler-doc-0:1.16.1-4.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-did_you_mean-0:1.2.0-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-io-console-0:0.4.6-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-io-console-debuginfo-0:0.4.6-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-json-0:2.1.0-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-json-debuginfo-0:2.1.0-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-minitest-0:5.10.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-mongo-0:2.5.1-2.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-mongo-0:2.5.1-2.module+el8.9.0+1536+5f79634e.src.rpm rubygem-mongo-doc-0:2.5.1-2.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-mysql2-0:0.4.10-4.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-mysql2-0:0.4.10-4.module+el8.9.0+1536+5f79634e.src.rpm rubygem-mysql2-debuginfo-0:0.4.10-4.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-mysql2-debugsource-0:0.4.10-4.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-mysql2-doc-0:0.4.10-4.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-net-telnet-0:0.1.1-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-openssl-0:2.1.2-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-openssl-debuginfo-0:2.1.2-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-pg-0:1.0.0-3.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-pg-0:1.0.0-3.module+el8.9.0+1536+5f79634e.src.rpm rubygem-pg-debuginfo-0:1.0.0-3.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-pg-debugsource-0:1.0.0-3.module+el8.9.0+1536+5f79634e.aarch64.rpm rubygem-pg-doc-0:1.0.0-3.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-power_assert-0:1.1.1-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-psych-0:3.0.2-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-psych-debuginfo-0:3.0.2-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm rubygem-rake-0:12.3.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-rdoc-0:6.0.1.1-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygems-0:2.7.6.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygems-devel-0:2.7.6.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-test-unit-0:3.2.7-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-xmlrpc-0:0.3.0-112.module+el8.10.0+1839+f1f156ae.noarch.rpm ruby-irb-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.noarch.rpm ruby-libs-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm ruby-libs-debuginfo-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

ruby-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.i686.rpm ruby-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.src.rpm ruby-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm ruby-debuginfo-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.i686.rpm ruby-debuginfo-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm ruby-debugsource-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.i686.rpm ruby-debugsource-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm ruby-devel-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.i686.rpm ruby-devel-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm ruby-doc-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-abrt-0:0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm rubygem-abrt-0:0.3.0-4.module+el8.5.0+738+032c9c02.src.rpm rubygem-abrt-doc-0:0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm rubygem-bigdecimal-0:1.3.4-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-bigdecimal-0:1.3.4-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-bigdecimal-debuginfo-0:1.3.4-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-bigdecimal-debuginfo-0:1.3.4-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-bson-0:4.3.0-2.module+el8.9.0+1536+5f79634e.src.rpm rubygem-bson-0:4.3.0-2.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-bson-debuginfo-0:4.3.0-2.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-bson-debugsource-0:4.3.0-2.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-bson-doc-0:4.3.0-2.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-bundler-0:1.16.1-4.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-bundler-0:1.16.1-4.module+el8.9.0+1536+5f79634e.src.rpm rubygem-bundler-doc-0:1.16.1-4.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-did_you_mean-0:1.2.0-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-io-console-0:0.4.6-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-io-console-0:0.4.6-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-io-console-debuginfo-0:0.4.6-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-io-console-debuginfo-0:0.4.6-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-json-0:2.1.0-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-json-0:2.1.0-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-json-debuginfo-0:2.1.0-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-json-debuginfo-0:2.1.0-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-minitest-0:5.10.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-mongo-0:2.5.1-2.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-mongo-0:2.5.1-2.module+el8.9.0+1536+5f79634e.src.rpm rubygem-mongo-doc-0:2.5.1-2.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-mysql2-0:0.4.10-4.module+el8.9.0+1536+5f79634e.src.rpm rubygem-mysql2-0:0.4.10-4.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-mysql2-debuginfo-0:0.4.10-4.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-mysql2-debugsource-0:0.4.10-4.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-mysql2-doc-0:0.4.10-4.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-net-telnet-0:0.1.1-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-openssl-0:2.1.2-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-openssl-0:2.1.2-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-openssl-debuginfo-0:2.1.2-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-openssl-debuginfo-0:2.1.2-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-pg-0:1.0.0-3.module+el8.9.0+1536+5f79634e.src.rpm rubygem-pg-0:1.0.0-3.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-pg-debuginfo-0:1.0.0-3.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-pg-debugsource-0:1.0.0-3.module+el8.9.0+1536+5f79634e.x86_64.rpm rubygem-pg-doc-0:1.0.0-3.module+el8.9.0+1536+5f79634e.noarch.rpm rubygem-power_assert-0:1.1.1-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-psych-0:3.0.2-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-psych-0:3.0.2-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-psych-debuginfo-0:3.0.2-112.module+el8.10.0+1839+f1f156ae.i686.rpm rubygem-psych-debuginfo-0:3.0.2-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm rubygem-rake-0:12.3.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-rdoc-0:6.0.1.1-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygems-0:2.7.6.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygems-devel-0:2.7.6.3-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-test-unit-0:3.2.7-112.module+el8.10.0+1839+f1f156ae.noarch.rpm rubygem-xmlrpc-0:0.3.0-112.module+el8.10.0+1839+f1f156ae.noarch.rpm ruby-irb-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.noarch.rpm ruby-libs-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.i686.rpm ruby-libs-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm ruby-libs-debuginfo-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.i686.rpm ruby-libs-debuginfo-0:2.5.9-112.module+el8.10.0+1839+f1f156ae.x86_64.rpm