ELSA-2024-3838

ULN >
Oracle Linux Errata repository >
ELSA-2024-3838

ELSA-2024-3838 - ruby security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-06-13

Description

[3.0.7-162]
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-35740
- Fix HTTP response splitting in CGI.
Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-35747

[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-12724

[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.

[3.0.4-160]
- Upgrade to Ruby 3.0.4.
Resolves: rhbz#2096347
- OpenSSL test suite fixes due to disabled SHA1.
Resolves: rbhz#2107696
- Fix double free in Regexp compilation.
Resolves: CVE-2022-28738
- Fix buffer overrun in String-to-Float conversion.
Resolves: CVE-2022-28739

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	ruby-3.0.7-162.el9_4.src.rpm	9ec7485ca834bbe4bc77fdca26fcbafa	-	ol9_aarch64_appstream
	ruby-3.0.7-162.el9_4.src.rpm	9ec7485ca834bbe4bc77fdca26fcbafa	-	ol9_aarch64_codeready_builder
	ruby-3.0.7-162.el9_4.aarch64.rpm	1ad019863c4843d844d9419849d7fff2	-	ol9_aarch64_appstream
	ruby-default-gems-3.0.7-162.el9_4.noarch.rpm	be3897a69b25257998d8cc455d014b36	-	ol9_aarch64_appstream
	ruby-devel-3.0.7-162.el9_4.aarch64.rpm	c2fa13c43518a834d88f46bb748774f2	-	ol9_aarch64_appstream
	ruby-doc-3.0.7-162.el9_4.noarch.rpm	9978cf83b0b1be1c57a94135464ac1b1	-	ol9_aarch64_codeready_builder
	ruby-libs-3.0.7-162.el9_4.aarch64.rpm	b05a0291305347004efdd50623d45992	-	ol9_aarch64_appstream
	rubygem-bigdecimal-3.0.0-162.el9_4.aarch64.rpm	920b163eedd5018de436a04a5497ade3	-	ol9_aarch64_appstream
	rubygem-bundler-2.2.33-162.el9_4.noarch.rpm	336c2d9a8c00369ea094811586714690	-	ol9_aarch64_appstream
	rubygem-io-console-0.5.7-162.el9_4.aarch64.rpm	43d1ebfec9963ab1bf1b6f6ce3852286	-	ol9_aarch64_appstream
	rubygem-irb-1.3.5-162.el9_4.noarch.rpm	87f9cbaaba04b43ca22595f4dfba61af	-	ol9_aarch64_appstream
	rubygem-json-2.5.1-162.el9_4.aarch64.rpm	4fb6315621a025143ea9834af668e35c	-	ol9_aarch64_appstream
	rubygem-minitest-5.14.2-162.el9_4.noarch.rpm	68e8e503a93bd461c79cb9709030c196	-	ol9_aarch64_appstream
	rubygem-power_assert-1.2.1-162.el9_4.noarch.rpm	1f75269a13b7203e1f57386c49d55f8f	-	ol9_aarch64_appstream
	rubygem-psych-3.3.2-162.el9_4.aarch64.rpm	4904b52dd2114484824c3201aa97ce8a	-	ol9_aarch64_appstream
	rubygem-rake-13.0.3-162.el9_4.noarch.rpm	392d2d531e31a168a0c83acece01ad48	-	ol9_aarch64_appstream
	rubygem-rbs-1.4.0-162.el9_4.noarch.rpm	6251ac3f95d510add4d777cbf347b03a	-	ol9_aarch64_appstream
	rubygem-rdoc-6.3.4.1-162.el9_4.noarch.rpm	8f643f828258768218a1687087e3d2a6	-	ol9_aarch64_appstream
	rubygem-rexml-3.2.5-162.el9_4.noarch.rpm	20253d389a7b4d6334d5402c7948f9d1	-	ol9_aarch64_appstream
	rubygem-rss-0.2.9-162.el9_4.noarch.rpm	c7969e89a58eb2ed639134fdf9f53b85	-	ol9_aarch64_appstream
	rubygem-test-unit-3.3.7-162.el9_4.noarch.rpm	2ad61c8079638fdef566dab1e0726d52	-	ol9_aarch64_appstream
	rubygem-typeprof-0.15.2-162.el9_4.noarch.rpm	a98a12b994af42c47858db85636142dd	-	ol9_aarch64_appstream
	rubygems-3.2.33-162.el9_4.noarch.rpm	e4ab919b5819fd9fd65e4ecf27d7d367	-	ol9_aarch64_appstream
	rubygems-devel-3.2.33-162.el9_4.noarch.rpm	d5f19ebc32eea186bbc58de9ccf4da7f	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	ruby-3.0.7-162.el9_4.src.rpm	9ec7485ca834bbe4bc77fdca26fcbafa	-	ol9_x86_64_appstream
	ruby-3.0.7-162.el9_4.src.rpm	9ec7485ca834bbe4bc77fdca26fcbafa	-	ol9_x86_64_codeready_builder
	ruby-3.0.7-162.el9_4.i686.rpm	6811e922dd14035ff59e0c83ee165482	-	ol9_x86_64_appstream
	ruby-3.0.7-162.el9_4.x86_64.rpm	81230f4cae8cfc3a4f0e1d047bc73d86	-	ol9_x86_64_appstream
	ruby-default-gems-3.0.7-162.el9_4.noarch.rpm	be3897a69b25257998d8cc455d014b36	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-162.el9_4.i686.rpm	3b9d002b4bebb0a7a4a8ce45397c440a	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-162.el9_4.x86_64.rpm	3be067097a9cf2b6bb5b0b847d09a039	-	ol9_x86_64_appstream
	ruby-doc-3.0.7-162.el9_4.noarch.rpm	9978cf83b0b1be1c57a94135464ac1b1	-	ol9_x86_64_codeready_builder
	ruby-libs-3.0.7-162.el9_4.i686.rpm	4e07ec05cfb1ae29289373696bc87748	-	ol9_x86_64_appstream
	ruby-libs-3.0.7-162.el9_4.x86_64.rpm	ca023855bf4d0027f46bcba1bcc70625	-	ol9_x86_64_appstream
	rubygem-bigdecimal-3.0.0-162.el9_4.x86_64.rpm	7a6d55ae92ec6dcafa986a4f2c995b90	-	ol9_x86_64_appstream
	rubygem-bundler-2.2.33-162.el9_4.noarch.rpm	336c2d9a8c00369ea094811586714690	-	ol9_x86_64_appstream
	rubygem-io-console-0.5.7-162.el9_4.x86_64.rpm	8f011f917f742a94b79dbc072f2aa7a9	-	ol9_x86_64_appstream
	rubygem-irb-1.3.5-162.el9_4.noarch.rpm	87f9cbaaba04b43ca22595f4dfba61af	-	ol9_x86_64_appstream
	rubygem-json-2.5.1-162.el9_4.x86_64.rpm	53f500e1a14df5cefef1e51e06093833	-	ol9_x86_64_appstream
	rubygem-minitest-5.14.2-162.el9_4.noarch.rpm	68e8e503a93bd461c79cb9709030c196	-	ol9_x86_64_appstream
	rubygem-power_assert-1.2.1-162.el9_4.noarch.rpm	1f75269a13b7203e1f57386c49d55f8f	-	ol9_x86_64_appstream
	rubygem-psych-3.3.2-162.el9_4.x86_64.rpm	8727d370eabadba56fb85515b9ce630b	-	ol9_x86_64_appstream
	rubygem-rake-13.0.3-162.el9_4.noarch.rpm	392d2d531e31a168a0c83acece01ad48	-	ol9_x86_64_appstream
	rubygem-rbs-1.4.0-162.el9_4.noarch.rpm	6251ac3f95d510add4d777cbf347b03a	-	ol9_x86_64_appstream
	rubygem-rdoc-6.3.4.1-162.el9_4.noarch.rpm	8f643f828258768218a1687087e3d2a6	-	ol9_x86_64_appstream
	rubygem-rexml-3.2.5-162.el9_4.noarch.rpm	20253d389a7b4d6334d5402c7948f9d1	-	ol9_x86_64_appstream
	rubygem-rss-0.2.9-162.el9_4.noarch.rpm	c7969e89a58eb2ed639134fdf9f53b85	-	ol9_x86_64_appstream
	rubygem-test-unit-3.3.7-162.el9_4.noarch.rpm	2ad61c8079638fdef566dab1e0726d52	-	ol9_x86_64_appstream
	rubygem-typeprof-0.15.2-162.el9_4.noarch.rpm	a98a12b994af42c47858db85636142dd	-	ol9_x86_64_appstream
	rubygems-3.2.33-162.el9_4.noarch.rpm	e4ab919b5819fd9fd65e4ecf27d7d367	-	ol9_x86_64_appstream
	rubygems-devel-3.2.33-162.el9_4.noarch.rpm	d5f19ebc32eea186bbc58de9ccf4da7f	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691