ELSA-2024-10858

ULN >
Oracle Linux Errata repository >
ELSA-2024-10858

ELSA-2024-10858 - ruby security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-12-10

Description

[3.0.7-163]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
Resolves: rbhz#2322153

[3.0.7-162]
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-35740
- Fix HTTP response splitting in CGI.
Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-35747

[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-12724

[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.

Related CVEs

CVE-2024-49761

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	ruby-3.0.7-163.el9_5.src.rpm	3d3ab27dd8a51a336dbd9f105dafc83b	-	ol9_aarch64_appstream
	ruby-3.0.7-163.el9_5.src.rpm	3d3ab27dd8a51a336dbd9f105dafc83b	-	ol9_aarch64_codeready_builder
	ruby-3.0.7-163.el9_5.aarch64.rpm	832d33b7d3db0f9bf6b40b6958514732	-	ol9_aarch64_appstream
	ruby-default-gems-3.0.7-163.el9_5.noarch.rpm	ef55106fe6ba2346a984923ea6095f80	-	ol9_aarch64_appstream
	ruby-devel-3.0.7-163.el9_5.aarch64.rpm	4f684a66640092c9085ec17f4cc5659d	-	ol9_aarch64_appstream
	ruby-doc-3.0.7-163.el9_5.noarch.rpm	3cd77f5e12b4d83a580e5adfa6d7308b	-	ol9_aarch64_codeready_builder
	ruby-libs-3.0.7-163.el9_5.aarch64.rpm	eda08b89face79d21440c50bf4a4d886	-	ol9_aarch64_appstream
	rubygem-bigdecimal-3.0.0-163.el9_5.aarch64.rpm	cfc0c07f0d331072a9be2e43157d3523	-	ol9_aarch64_appstream
	rubygem-bundler-2.2.33-163.el9_5.noarch.rpm	6ad05e6ad577eb8c61eb3aeca4b677a0	-	ol9_aarch64_appstream
	rubygem-io-console-0.5.7-163.el9_5.aarch64.rpm	a5a1c5c169ef578f1c860a8dce94028a	-	ol9_aarch64_appstream
	rubygem-irb-1.3.5-163.el9_5.noarch.rpm	97d5352e8c428c636c9527b7519f8888	-	ol9_aarch64_appstream
	rubygem-json-2.5.1-163.el9_5.aarch64.rpm	2f883dcdbe9a6ea6fa1a93628aabb8a4	-	ol9_aarch64_appstream
	rubygem-minitest-5.14.2-163.el9_5.noarch.rpm	74b5874fe72fcecfa7e880c8018def69	-	ol9_aarch64_appstream
	rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm	d6a4a1e8dbb35a4d50b2b4562d602bd2	-	ol9_aarch64_appstream
	rubygem-psych-3.3.2-163.el9_5.aarch64.rpm	7e7bd7bb30d673736c9f4fb568b2fd9f	-	ol9_aarch64_appstream
	rubygem-rake-13.0.3-163.el9_5.noarch.rpm	9e3b4ea3876aef69a17f7bb7c79bcbe9	-	ol9_aarch64_appstream
	rubygem-rbs-1.4.0-163.el9_5.noarch.rpm	d9828a92faf5298b100efdb6cd227379	-	ol9_aarch64_appstream
	rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm	8dda3bf1538da78d453e122ac194b75f	-	ol9_aarch64_appstream
	rubygem-rexml-3.2.5-163.el9_5.noarch.rpm	b942a8209c08901ba23dabfc62002339	-	ol9_aarch64_appstream
	rubygem-rss-0.2.9-163.el9_5.noarch.rpm	9a6c5b4e392558861f045286fb1bebc3	-	ol9_aarch64_appstream
	rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm	c7b1ff56c1e6a2b845fc8d4a63eb508e	-	ol9_aarch64_appstream
	rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm	67ea21b7069fe07e04880288dd86ea6e	-	ol9_aarch64_appstream
	rubygems-3.2.33-163.el9_5.noarch.rpm	98b973ab5949ec624872619a2c75dc7c	-	ol9_aarch64_appstream
	rubygems-devel-3.2.33-163.el9_5.noarch.rpm	0acfd926c45bb425427d341670213824	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	ruby-3.0.7-163.el9_5.src.rpm	3d3ab27dd8a51a336dbd9f105dafc83b	-	ol9_x86_64_appstream
	ruby-3.0.7-163.el9_5.src.rpm	3d3ab27dd8a51a336dbd9f105dafc83b	-	ol9_x86_64_codeready_builder
	ruby-3.0.7-163.el9_5.i686.rpm	997dc08eae28958b87b672da89957f3a	-	ol9_x86_64_appstream
	ruby-3.0.7-163.el9_5.x86_64.rpm	44275879dd58b864848ffcce991abde1	-	ol9_x86_64_appstream
	ruby-default-gems-3.0.7-163.el9_5.noarch.rpm	ef55106fe6ba2346a984923ea6095f80	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-163.el9_5.i686.rpm	9d3da1b41ff60159f3e2207888621099	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-163.el9_5.x86_64.rpm	f5f5133fd96cd34f2bc9524947ad603c	-	ol9_x86_64_appstream
	ruby-doc-3.0.7-163.el9_5.noarch.rpm	3cd77f5e12b4d83a580e5adfa6d7308b	-	ol9_x86_64_codeready_builder
	ruby-libs-3.0.7-163.el9_5.i686.rpm	759fe688562872df03067e6ff419ea2e	-	ol9_x86_64_appstream
	ruby-libs-3.0.7-163.el9_5.x86_64.rpm	2995f88c3cd9a6b7e6d35699c0e400ea	-	ol9_x86_64_appstream
	rubygem-bigdecimal-3.0.0-163.el9_5.x86_64.rpm	8526a23cad9a7aba3a5a58aba6df0fd8	-	ol9_x86_64_appstream
	rubygem-bundler-2.2.33-163.el9_5.noarch.rpm	6ad05e6ad577eb8c61eb3aeca4b677a0	-	ol9_x86_64_appstream
	rubygem-io-console-0.5.7-163.el9_5.x86_64.rpm	4a605f1ebed6afef049fef3649177e87	-	ol9_x86_64_appstream
	rubygem-irb-1.3.5-163.el9_5.noarch.rpm	97d5352e8c428c636c9527b7519f8888	-	ol9_x86_64_appstream
	rubygem-json-2.5.1-163.el9_5.x86_64.rpm	365e6b33fab501bda873a09582d29d4c	-	ol9_x86_64_appstream
	rubygem-minitest-5.14.2-163.el9_5.noarch.rpm	74b5874fe72fcecfa7e880c8018def69	-	ol9_x86_64_appstream
	rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm	d6a4a1e8dbb35a4d50b2b4562d602bd2	-	ol9_x86_64_appstream
	rubygem-psych-3.3.2-163.el9_5.x86_64.rpm	2e12533f7d59654b766a3483295bca62	-	ol9_x86_64_appstream
	rubygem-rake-13.0.3-163.el9_5.noarch.rpm	9e3b4ea3876aef69a17f7bb7c79bcbe9	-	ol9_x86_64_appstream
	rubygem-rbs-1.4.0-163.el9_5.noarch.rpm	d9828a92faf5298b100efdb6cd227379	-	ol9_x86_64_appstream
	rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm	8dda3bf1538da78d453e122ac194b75f	-	ol9_x86_64_appstream
	rubygem-rexml-3.2.5-163.el9_5.noarch.rpm	b942a8209c08901ba23dabfc62002339	-	ol9_x86_64_appstream
	rubygem-rss-0.2.9-163.el9_5.noarch.rpm	9a6c5b4e392558861f045286fb1bebc3	-	ol9_x86_64_appstream
	rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm	c7b1ff56c1e6a2b845fc8d4a63eb508e	-	ol9_x86_64_appstream
	rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm	67ea21b7069fe07e04880288dd86ea6e	-	ol9_x86_64_appstream
	rubygems-3.2.33-163.el9_5.noarch.rpm	98b973ab5949ec624872619a2c75dc7c	-	ol9_x86_64_appstream
	rubygems-devel-3.2.33-163.el9_5.noarch.rpm	0acfd926c45bb425427d341670213824	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691