ELSA-2024-3838

ULN >
Oracle Linux Errata repository >
ELSA-2024-3838

ELSA-2024-3838 - ruby security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-06-13

Description

[3.0.7-162]
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-35740
- Fix HTTP response splitting in CGI.
Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-35747

[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-12724

[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.

[3.0.4-160]
- Upgrade to Ruby 3.0.4.
Resolves: rhbz#2096347
- OpenSSL test suite fixes due to disabled SHA1.
Resolves: rbhz#2107696
- Fix double free in Regexp compilation.
Resolves: CVE-2022-28738
- Fix buffer overrun in String-to-Float conversion.
Resolves: CVE-2022-28739

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	ruby-3.0.7-162.el9_4.src.rpm	9eb197c3ea89ea6d0bc30f6270d010ea52913c24ad6b8489825e19fb3b2c5543	-	ol9_aarch64_appstream
	ruby-3.0.7-162.el9_4.src.rpm	9eb197c3ea89ea6d0bc30f6270d010ea52913c24ad6b8489825e19fb3b2c5543	-	ol9_aarch64_codeready_builder
	ruby-3.0.7-162.el9_4.aarch64.rpm	36c574983094f3867747fe937e047403869901deeca91b768b15558dc56292da	-	ol9_aarch64_appstream
	ruby-default-gems-3.0.7-162.el9_4.noarch.rpm	5007191b82cd34948472c0a0f29e25bf1357044411fce9c8cbccc4489fe07466	-	ol9_aarch64_appstream
	ruby-devel-3.0.7-162.el9_4.aarch64.rpm	0ebbd216017e25f30b12a83897e43126e3fc184d6349f3e4b01dff91bbed4981	-	ol9_aarch64_appstream
	ruby-doc-3.0.7-162.el9_4.noarch.rpm	978a941f7a5e6e10cf5c0a21ba04dc6da165be1e239390cfa49897b2ed0d1564	-	ol9_aarch64_codeready_builder
	ruby-libs-3.0.7-162.el9_4.aarch64.rpm	a42b2e96c44e4055368f64418a107bf67631dc5c71023997ee5d03225f7de79b	-	ol9_aarch64_appstream
	rubygem-bigdecimal-3.0.0-162.el9_4.aarch64.rpm	8c1f0e65554f22b386ea90120e5aa740371af73490f5ed7f4e03d75314fdbe49	-	ol9_aarch64_appstream
	rubygem-bundler-2.2.33-162.el9_4.noarch.rpm	e22690e6f03361aa207ea2f4b14faab91f80ccdff5a14e7885f18f68d4dff0eb	-	ol9_aarch64_appstream
	rubygem-io-console-0.5.7-162.el9_4.aarch64.rpm	5823b2009c0a0babeec4af87cc12c07e1c4d1c3d448060e3c07682b9a738abd4	-	ol9_aarch64_appstream
	rubygem-irb-1.3.5-162.el9_4.noarch.rpm	4d03ae89c1dade5cb3ecebcc84946149a0f0b38759e1ce6c06ca9447494a1b73	-	ol9_aarch64_appstream
	rubygem-json-2.5.1-162.el9_4.aarch64.rpm	a54ed38f7b807854b7c8e58d1464058de948b57795707ca9d5eae7eb9f424ce4	-	ol9_aarch64_appstream
	rubygem-minitest-5.14.2-162.el9_4.noarch.rpm	065fc1267f35ef647dbbfd8dc0ec8936944ea093b17a8f250abf50e760f9a9b6	-	ol9_aarch64_appstream
	rubygem-power_assert-1.2.1-162.el9_4.noarch.rpm	1652297ac540c7f98c87f6baf6dbf50660c7a8670ffc6b13fa2f9715c3ee8990	-	ol9_aarch64_appstream
	rubygem-psych-3.3.2-162.el9_4.aarch64.rpm	5bef4585160ddf937a1244ecc20f9cfc651e41f4b430b6c856cc59f353ca4e0d	-	ol9_aarch64_appstream
	rubygem-rake-13.0.3-162.el9_4.noarch.rpm	aadc389ca4c0c8f936bf4a971700dc99f42b2d8227178ba3c1d05db38835269b	-	ol9_aarch64_appstream
	rubygem-rbs-1.4.0-162.el9_4.noarch.rpm	15111e609da8441837739696bbfe7f018e2ff9565f941b1a6ba2d148ddf30529	-	ol9_aarch64_appstream
	rubygem-rdoc-6.3.4.1-162.el9_4.noarch.rpm	7ead557b18a6121ca9c2772b2d89562844dc60cd4e23f8108f5c647561110f05	-	ol9_aarch64_appstream
	rubygem-rexml-3.2.5-162.el9_4.noarch.rpm	a274fec9d7afe7aaa86d354eb95a1717fc251296262f452ea8c20b5b11561851	-	ol9_aarch64_appstream
	rubygem-rss-0.2.9-162.el9_4.noarch.rpm	2a9fe144163201ab3424deed9a675c050015db35f928e3671931c89e406fbd3b	-	ol9_aarch64_appstream
	rubygem-test-unit-3.3.7-162.el9_4.noarch.rpm	2c8e82ef8bd5c827812c657be22d5b12e85835da576e03e647af7dd1c211549c	-	ol9_aarch64_appstream
	rubygem-typeprof-0.15.2-162.el9_4.noarch.rpm	9c11b56ae3e9d4bc6b16320369ee5442ab2a457e6a27156df9788236db00cbbb	-	ol9_aarch64_appstream
	rubygems-3.2.33-162.el9_4.noarch.rpm	a276edf1890618164cd51e5b11d1be95642af16a49ebb910565f06da71c95d1f	-	ol9_aarch64_appstream
	rubygems-devel-3.2.33-162.el9_4.noarch.rpm	b8bb643eafe9c80db57c64aa382f904e6afa83e92f741dc13217a999bfa86717	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	ruby-3.0.7-162.el9_4.src.rpm	9eb197c3ea89ea6d0bc30f6270d010ea52913c24ad6b8489825e19fb3b2c5543	-	ol9_x86_64_appstream
	ruby-3.0.7-162.el9_4.src.rpm	9eb197c3ea89ea6d0bc30f6270d010ea52913c24ad6b8489825e19fb3b2c5543	-	ol9_x86_64_codeready_builder
	ruby-3.0.7-162.el9_4.i686.rpm	44581411b98dc000bc912fc30590e7779cca30c0a03e7ad3686cdea2e869d23f	-	ol9_x86_64_appstream
	ruby-3.0.7-162.el9_4.x86_64.rpm	0853371719ede431e7ffa75f8e2d1ee5c8c6005ea444b0fcbd45ca83832fd4c2	-	ol9_x86_64_appstream
	ruby-default-gems-3.0.7-162.el9_4.noarch.rpm	5007191b82cd34948472c0a0f29e25bf1357044411fce9c8cbccc4489fe07466	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-162.el9_4.i686.rpm	8bf8601ad9ec068754fd8671715833b1a71154bed2745d2fb0c3aa5073d61b64	-	ol9_x86_64_appstream
	ruby-devel-3.0.7-162.el9_4.x86_64.rpm	dc74ab6144ded8f4c04d4b8d06d0dd148e67eeb252e76e90799b291094ace1fe	-	ol9_x86_64_appstream
	ruby-doc-3.0.7-162.el9_4.noarch.rpm	978a941f7a5e6e10cf5c0a21ba04dc6da165be1e239390cfa49897b2ed0d1564	-	ol9_x86_64_codeready_builder
	ruby-libs-3.0.7-162.el9_4.i686.rpm	6be678e82d2f6f41e7b6b203ade73a5c7cd2b61244c93db9c38ae591056f6da8	-	ol9_x86_64_appstream
	ruby-libs-3.0.7-162.el9_4.x86_64.rpm	f0bb65182bb46bd13c4f513fe116928f8b95eea13899f791e40f2f103a879cf3	-	ol9_x86_64_appstream
	rubygem-bigdecimal-3.0.0-162.el9_4.x86_64.rpm	69848c4332e5fcc914a42c5ef96de650901834af9bf8b745173b762926f34197	-	ol9_x86_64_appstream
	rubygem-bundler-2.2.33-162.el9_4.noarch.rpm	e22690e6f03361aa207ea2f4b14faab91f80ccdff5a14e7885f18f68d4dff0eb	-	ol9_x86_64_appstream
	rubygem-io-console-0.5.7-162.el9_4.x86_64.rpm	5d8487bdf4e43343e13a95491b58f575e411273459627fc8fd49fc21b5e5235b	-	ol9_x86_64_appstream
	rubygem-irb-1.3.5-162.el9_4.noarch.rpm	4d03ae89c1dade5cb3ecebcc84946149a0f0b38759e1ce6c06ca9447494a1b73	-	ol9_x86_64_appstream
	rubygem-json-2.5.1-162.el9_4.x86_64.rpm	eb0b2f03b765f7ee45fd826b3f7f4267fb369746e09afe7a0c1c40352ce26f91	-	ol9_x86_64_appstream
	rubygem-minitest-5.14.2-162.el9_4.noarch.rpm	065fc1267f35ef647dbbfd8dc0ec8936944ea093b17a8f250abf50e760f9a9b6	-	ol9_x86_64_appstream
	rubygem-power_assert-1.2.1-162.el9_4.noarch.rpm	1652297ac540c7f98c87f6baf6dbf50660c7a8670ffc6b13fa2f9715c3ee8990	-	ol9_x86_64_appstream
	rubygem-psych-3.3.2-162.el9_4.x86_64.rpm	6a08455e1151cdccb8cdf3aea6f1f183912870f31ff06d2c54b0c652241144e1	-	ol9_x86_64_appstream
	rubygem-rake-13.0.3-162.el9_4.noarch.rpm	aadc389ca4c0c8f936bf4a971700dc99f42b2d8227178ba3c1d05db38835269b	-	ol9_x86_64_appstream
	rubygem-rbs-1.4.0-162.el9_4.noarch.rpm	15111e609da8441837739696bbfe7f018e2ff9565f941b1a6ba2d148ddf30529	-	ol9_x86_64_appstream
	rubygem-rdoc-6.3.4.1-162.el9_4.noarch.rpm	7ead557b18a6121ca9c2772b2d89562844dc60cd4e23f8108f5c647561110f05	-	ol9_x86_64_appstream
	rubygem-rexml-3.2.5-162.el9_4.noarch.rpm	a274fec9d7afe7aaa86d354eb95a1717fc251296262f452ea8c20b5b11561851	-	ol9_x86_64_appstream
	rubygem-rss-0.2.9-162.el9_4.noarch.rpm	2a9fe144163201ab3424deed9a675c050015db35f928e3671931c89e406fbd3b	-	ol9_x86_64_appstream
	rubygem-test-unit-3.3.7-162.el9_4.noarch.rpm	2c8e82ef8bd5c827812c657be22d5b12e85835da576e03e647af7dd1c211549c	-	ol9_x86_64_appstream
	rubygem-typeprof-0.15.2-162.el9_4.noarch.rpm	9c11b56ae3e9d4bc6b16320369ee5442ab2a457e6a27156df9788236db00cbbb	-	ol9_x86_64_appstream
	rubygems-3.2.33-162.el9_4.noarch.rpm	a276edf1890618164cd51e5b11d1be95642af16a49ebb910565f06da71c95d1f	-	ol9_x86_64_appstream
	rubygems-devel-3.2.33-162.el9_4.noarch.rpm	b8bb643eafe9c80db57c64aa382f904e6afa83e92f741dc13217a999bfa86717	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691