ELSA-2024-10858

ULN >
Oracle Linux Errata repository >
ELSA-2024-10858

ELSA-2024-10858 - ruby security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-12-10

Description

[3.0.7-163]
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
Resolves: rbhz#2322153

[3.0.7-162]
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-35740
- Fix HTTP response splitting in CGI.
Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-35747

[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-12724

[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.

Related CVEs

CVE-2024-49761

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	ruby-3.0.7-163.el9_5.src.rpm	56407dd9aea0738957972f8d44536ca6bf6402cb48603424afdc3306bba1caa5	-	ol9_aarch64_appstream
	ruby-3.0.7-163.el9_5.src.rpm	56407dd9aea0738957972f8d44536ca6bf6402cb48603424afdc3306bba1caa5	-	ol9_aarch64_codeready_builder
	ruby-3.0.7-163.el9_5.aarch64.rpm	55080fc9b2f83982cb007a08a4ce10700fb72c923b861f803a441f30857620d5	-	ol9_aarch64_appstream
	ruby-default-gems-3.0.7-163.el9_5.noarch.rpm	ec96d486f5c6b0b7ff5117e931a6cfa970d170b46545e099dfe628656320f277	-	ol9_aarch64_appstream
	ruby-devel-3.0.7-163.el9_5.aarch64.rpm	f29202d3721619dfb19935c3b271555920fb247331a9308c2b84eebeba902bf3	-	ol9_aarch64_appstream
	ruby-doc-3.0.7-163.el9_5.noarch.rpm	2ae2255a6bbd2c256869cd75911a7ef706fb91592c18e14099530ecf921f501d	-	ol9_aarch64_codeready_builder
	ruby-libs-3.0.7-163.el9_5.aarch64.rpm	992384c799953d1d578ae78a94681226af55c24269d68b603d511368d44e35d1	-	ol9_aarch64_appstream
	rubygem-bigdecimal-3.0.0-163.el9_5.aarch64.rpm	ae320dee135b3aab22d58aa9d8b3be773eac9ac09551e40557d32e645c6bf858	-	ol9_aarch64_appstream
	rubygem-bundler-2.2.33-163.el9_5.noarch.rpm	592831e163ee702ecfd71010721c9302d22637a39046a4629bb88132085abd51	-	ol9_aarch64_appstream
	rubygem-io-console-0.5.7-163.el9_5.aarch64.rpm	ef16417580d75686e0a7062a77b8c910367b41531e25b2201d0ccea8a6059971	-	ol9_aarch64_appstream
	rubygem-irb-1.3.5-163.el9_5.noarch.rpm	6970cff51e9b3b7f1e43b65162c3574390ceeb46ee893d4b303c7e9d429dc729	-	ol9_aarch64_appstream
	rubygem-json-2.5.1-163.el9_5.aarch64.rpm	efddfe6bcca17e06fa06bcba85f76e3f9f122520b9c2a5dea3f6f9eee34058cf	-	ol9_aarch64_appstream
	rubygem-minitest-5.14.2-163.el9_5.noarch.rpm	3f44016077a675010c34206e8d20cbc4b635ca8ce76adc29ee064ef5567189ff	-	ol9_aarch64_appstream
	rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm	d9104e723b1a0f43d28be5a2c396c007191f7031faa05ea4a8b7a414ec229eb1	-	ol9_aarch64_appstream
	rubygem-psych-3.3.2-163.el9_5.aarch64.rpm	cc8d57bad2d679d69352d1e9c015c93b0d1aa5fd732f3131705c2f80f6c9ab84	-	ol9_aarch64_appstream
	rubygem-rake-13.0.3-163.el9_5.noarch.rpm	0b2039799c6648ce2a222c5c65e4985e69811b290e41e41ee784b98e9f308a95	-	ol9_aarch64_appstream
	rubygem-rbs-1.4.0-163.el9_5.noarch.rpm	8fd76f52e01a9396bc344f00e57fe2055545fc7723f2d73f61c81d03f81bed67	-	ol9_aarch64_appstream
	rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm	4a6e223646804d88178b142ea59f59b76bc5864f95aec2cde4b1b78dddcbc2fd	-	ol9_aarch64_appstream
	rubygem-rexml-3.2.5-163.el9_5.noarch.rpm	c3d63a8c04937d07fc8552c5decdb26cc32a9ed4db6b3bb86019f84e2e9b8124	-	ol9_aarch64_appstream
	rubygem-rss-0.2.9-163.el9_5.noarch.rpm	d6c79127e3622d84871f6d758206cdc0131a2e29d2ceab5bdb41377f77d0f61a	-	ol9_aarch64_appstream
	rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm	acca627d19e9822f0ea2a05697f60c85fc31ee6ca431707e6d43d8b0f1753e05	-	ol9_aarch64_appstream
	rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm	faa37ac05244020c8da2da70bd494c8e5a6eb1d167823a354d5964cd04d5f91a	-	ol9_aarch64_appstream
	rubygems-3.2.33-163.el9_5.noarch.rpm	1f4066aa5ea529ac67b05d61ac53c5454df29e15bb7e817ca9cabaf742f539ac	-	ol9_aarch64_appstream
	rubygems-devel-3.2.33-163.el9_5.noarch.rpm	e70ee3df5e9d15e36934f8d5d272ccc8d9264597261cd77a6d1b9a2d78901ed7	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	ruby-3.0.7-163.el9_5.src.rpm	56407dd9aea0738957972f8d44536ca6bf6402cb48603424afdc3306bba1caa5	-	ol9_x86_64_appstream
	ruby-3.0.7-163.el9_5.src.rpm	56407dd9aea0738957972f8d44536ca6bf6402cb48603424afdc3306bba1caa5	-	ol9_x86_64_codeready_builder
	ruby-3.0.7-163.el9_5.i686.rpm	0a5671cde80ede91ea2481d521b114b0a923600be37eafee2da4ef762754f168	-	ol9_x86_64_appstream
	ruby-3.0.7-163.el9_5.x86_64.rpm	4bb0bbc4b96eff16a589237092d00e1e17c4f6e80867dfad1f0aa103290968ee	-	ol9_x86_64_appstream
	ruby-default-gems-3.0.7-163.el9_5.noarch.rpm	ec96d486f5c6b0b7ff5117e931a6cfa970d170b46545e099dfe628656320f277	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-163.el9_5.i686.rpm	1d1ed4b9ff7f45669ecf77473c378cf13a25bda9894dde0de9e172aeb57cb93d	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-163.el9_5.x86_64.rpm	8e08a37e28de0a6c01a7eb5ea9c95fd83fdbc1115369e8315d90e379357bc15e	-	ol9_x86_64_appstream
	ruby-doc-3.0.7-163.el9_5.noarch.rpm	2ae2255a6bbd2c256869cd75911a7ef706fb91592c18e14099530ecf921f501d	-	ol9_x86_64_codeready_builder
	ruby-libs-3.0.7-163.el9_5.i686.rpm	aec0fee0111f6bbd295bdb535a657debe467e8e5482992bc525261741935ffc1	-	ol9_x86_64_appstream
	ruby-libs-3.0.7-163.el9_5.x86_64.rpm	34a700a243b08b109aa8f801f254cc43b04863299647d4ff79cce9d37c9f1f82	-	ol9_x86_64_appstream
	rubygem-bigdecimal-3.0.0-163.el9_5.x86_64.rpm	95598cf13b4d1a7a8f3f28e81f2da910d27a18919adf6272dff6f4749884b3e4	-	ol9_x86_64_appstream
	rubygem-bundler-2.2.33-163.el9_5.noarch.rpm	592831e163ee702ecfd71010721c9302d22637a39046a4629bb88132085abd51	-	ol9_x86_64_appstream
	rubygem-io-console-0.5.7-163.el9_5.x86_64.rpm	f665005ebbbb72dae70377c47b3f107934df8f12d90a556421697adbe7ccaa8c	-	ol9_x86_64_appstream
	rubygem-irb-1.3.5-163.el9_5.noarch.rpm	6970cff51e9b3b7f1e43b65162c3574390ceeb46ee893d4b303c7e9d429dc729	-	ol9_x86_64_appstream
	rubygem-json-2.5.1-163.el9_5.x86_64.rpm	51233c85aeb32bcd876a3cec8cd36d0e5dd23017cd8fac23706f9f864de3a1d2	-	ol9_x86_64_appstream
	rubygem-minitest-5.14.2-163.el9_5.noarch.rpm	3f44016077a675010c34206e8d20cbc4b635ca8ce76adc29ee064ef5567189ff	-	ol9_x86_64_appstream
	rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm	d9104e723b1a0f43d28be5a2c396c007191f7031faa05ea4a8b7a414ec229eb1	-	ol9_x86_64_appstream
	rubygem-psych-3.3.2-163.el9_5.x86_64.rpm	467a2d4bbb2e70557bd86c8dab8b55a99143ce9f00e79c4608c5288dea6f0eba	-	ol9_x86_64_appstream
	rubygem-rake-13.0.3-163.el9_5.noarch.rpm	0b2039799c6648ce2a222c5c65e4985e69811b290e41e41ee784b98e9f308a95	-	ol9_x86_64_appstream
	rubygem-rbs-1.4.0-163.el9_5.noarch.rpm	8fd76f52e01a9396bc344f00e57fe2055545fc7723f2d73f61c81d03f81bed67	-	ol9_x86_64_appstream
	rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm	4a6e223646804d88178b142ea59f59b76bc5864f95aec2cde4b1b78dddcbc2fd	-	ol9_x86_64_appstream
	rubygem-rexml-3.2.5-163.el9_5.noarch.rpm	c3d63a8c04937d07fc8552c5decdb26cc32a9ed4db6b3bb86019f84e2e9b8124	-	ol9_x86_64_appstream
	rubygem-rss-0.2.9-163.el9_5.noarch.rpm	d6c79127e3622d84871f6d758206cdc0131a2e29d2ceab5bdb41377f77d0f61a	-	ol9_x86_64_appstream
	rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm	acca627d19e9822f0ea2a05697f60c85fc31ee6ca431707e6d43d8b0f1753e05	-	ol9_x86_64_appstream
	rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm	faa37ac05244020c8da2da70bd494c8e5a6eb1d167823a354d5964cd04d5f91a	-	ol9_x86_64_appstream
	rubygems-3.2.33-163.el9_5.noarch.rpm	1f4066aa5ea529ac67b05d61ac53c5454df29e15bb7e817ca9cabaf742f539ac	-	ol9_x86_64_appstream
	rubygems-devel-3.2.33-163.el9_5.noarch.rpm	e70ee3df5e9d15e36934f8d5d272ccc8d9264597261cd77a6d1b9a2d78901ed7	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691