ALSA-2024:3500
- Source
- https://errata.almalinux.org/8/ALSA-2024-3500.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3500.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2024:3500
- Related
- Published
- 2024-05-30T00:00:00Z
- Modified
- 2024-05-31T14:51:49Z
- Summary
- Moderate: ruby:3.0 security update
- Details
-
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
- ruby: ReDoS vulnerability in URI (CVE-2023-28755)
- ruby: ReDoS vulnerability in Time (CVE-2023-28756)
- ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)
- ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)
- ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2024:3500
- https://access.redhat.com/security/cve/CVE-2021-33621
- https://access.redhat.com/security/cve/CVE-2023-28755
- https://access.redhat.com/security/cve/CVE-2023-28756
- https://access.redhat.com/security/cve/CVE-2024-27280
- https://access.redhat.com/security/cve/CVE-2024-27281
- https://access.redhat.com/security/cve/CVE-2024-27282
- https://bugzilla.redhat.com/2149706
- https://bugzilla.redhat.com/2184059
- https://bugzilla.redhat.com/2184061
- https://bugzilla.redhat.com/2270749
- https://bugzilla.redhat.com/2270750
- https://bugzilla.redhat.com/2276810
- https://errata.almalinux.org/8/ALSA-2024-3500.html
Affected packages
AlmaLinux:8 / ruby
Package
- Name
- ruby
AlmaLinux:8 / ruby-default-gems
Package
- Name
- ruby-default-gems
AlmaLinux:8 / ruby-devel
Package
- Name
- ruby-devel
AlmaLinux:8 / ruby-doc
Package
- Name
- ruby-doc
AlmaLinux:8 / ruby-libs
Package
- Name
- ruby-libs
AlmaLinux:8 / rubygem-abrt
Package
- Name
- rubygem-abrt
AlmaLinux:8 / rubygem-abrt-doc
Package
- Name
- rubygem-abrt-doc
AlmaLinux:8 / rubygem-bigdecimal
Package
- Name
- rubygem-bigdecimal
AlmaLinux:8 / rubygem-bundler
Package
- Name
- rubygem-bundler
AlmaLinux:8 / rubygem-io-console
Package
- Name
- rubygem-io-console
AlmaLinux:8 / rubygem-irb
Package
- Name
- rubygem-irb
AlmaLinux:8 / rubygem-json
Package
- Name
- rubygem-json
AlmaLinux:8 / rubygem-minitest
Package
- Name
- rubygem-minitest
AlmaLinux:8 / rubygem-mysql2
Package
- Name
- rubygem-mysql2
AlmaLinux:8 / rubygem-mysql2-doc
Package
- Name
- rubygem-mysql2-doc
AlmaLinux:8 / rubygem-pg
Package
- Name
- rubygem-pg
AlmaLinux:8 / rubygem-pg
Package
- Name
- rubygem-pg
AlmaLinux:8 / rubygem-pg
Package
- Name
- rubygem-pg
AlmaLinux:8 / rubygem-pg-doc
Package
- Name
- rubygem-pg-doc
AlmaLinux:8 / rubygem-pg-doc
Package
- Name
- rubygem-pg-doc
AlmaLinux:8 / rubygem-power_assert
Package
- Name
- rubygem-power_assert
AlmaLinux:8 / rubygem-psych
Package
- Name
- rubygem-psych
AlmaLinux:8 / rubygem-rake
Package
- Name
- rubygem-rake
AlmaLinux:8 / rubygem-rbs
Package
- Name
- rubygem-rbs
AlmaLinux:8 / rubygem-rdoc
Package
- Name
- rubygem-rdoc
AlmaLinux:8 / rubygem-rexml
Package
- Name
- rubygem-rexml
AlmaLinux:8 / rubygem-rss
Package
- Name
- rubygem-rss
AlmaLinux:8 / rubygem-test-unit
Package
- Name
- rubygem-test-unit
AlmaLinux:8 / rubygem-typeprof
Package
- Name
- rubygem-typeprof
AlmaLinux:8 / rubygems
Package
- Name
- rubygems