RHSA-2023:3291: Red Hat Security Advisory: rh-ruby27-ruby security, bug fix, and enhancement update
An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-33621: A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients.
- CVE-2023-28755: A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS).
- CVE-2023-28756: A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a regular expression denial of service (ReDoS).
Overview
Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby27-ruby (2.7.8). (BZ#2149267)
Security Fix(es):
- ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
- ruby: ReDoS vulnerability in URI (CVE-2023-28755)
- ruby: ReDoS vulnerability in Time (CVE-2023-28756)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
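The response splitting named in the first security fix above, as an added example that is neither Red Hat's nor the cgi gem's own code: a header builder that copies an untrusted value unchecked, beside one that rejects CR/LF in names and values the way a patched cgi gem does. The header names, the CRLF-bearing sample value and the helper names are constructed for this example.

```ruby
# Added example (not Red Hat's or Ruby's own code): how an HTTP response
# splitting flaw of the kind described by CVE-2021-33621 arises when a CGI
# application copies untrusted input into a response header, and the check a
# patched cgi gem applies (refusing CR/LF in header names and values).

CRLF = "\r\n"

class HeaderInjectionError < StandardError; end

# Build the raw header block from a hash with no validation at all: the
# vulnerable pattern. Returns the bytes that would precede the response body.
def build_headers_unsafe(headers)
  headers.map { |k, v| "#{k}: #{v}" }.join(CRLF) + CRLF + CRLF
end

# Refuse any header name or value containing CR or LF instead of emitting it.
def validate_header!(name, value)
  [name, value].each do |s|
    raise HeaderInjectionError, "CR/LF in header: #{s.inspect}" if s =~ /[\r\n]/
  end
end

# Hardened builder: every header is validated before the block is assembled.
def build_headers_safe(headers)
  headers.each { |k, v| validate_header!(k.to_s, v.to_s) }
  build_headers_unsafe(headers)
end

# Count the header lines a client would parse from a raw header block.
# A split shows up as more headers than the application intended to send.
def parsed_header_count(raw)
  raw.split(CRLF).take_while { |line| !line.empty? }.length
end

# Constructed sample: a redirect target taken from a query string that carries
# an embedded CRLF, which is exactly the input the advisory warns about.
TAINTED_LOCATION = "/home\r\nX-Injected: yes"
CLEAN_LOCATION   = "/home"

# Returns how many headers the client sees when the tainted value is copied
# through unchecked (the application intended two).
def demo_unsafe
  parsed_header_count(build_headers_unsafe("Status" => "302 Found",
                                           "Location" => TAINTED_LOCATION))
end

# Returns :ok when the hardened builder accepts the value, :rejected otherwise.
def demo_safe(location)
  build_headers_safe("Status" => "302 Found", "Location" => location)
  :ok
rescue HeaderInjectionError
  :rejected
end

if __FILE__ == $0
  puts "unsafe: client sees #{demo_unsafe} headers (application intended 2)"
  puts "safe, clean input:   #{demo_safe(CLEAN_LOCATION)}"
  puts "safe, tainted input: #{demo_safe(TAINTED_LOCATION)}"
end
```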
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2149267 - rh-ruby27-ruby: Rebase to the latest Ruby 2.7 release [rhscl-3]
- BZ - 2149706 - CVE-2021-33621 ruby/cgi-gem: HTTP response splitting in CGI
- BZ - 2184059 - CVE-2023-28755 ruby: ReDoS vulnerability in URI
- BZ - 2184061 - CVE-2023-28756 ruby: ReDoS vulnerability in Time
CVE
- CVE-2021-33621
- CVE-2023-28755
- CVE-2023-28756
References
- https://access.redhat.com/security/updates/classification/#moderate
Related news
Red Hat Security Advisory 2024-4542-03 - An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP response splitting vulnerability.
Red Hat Security Advisory 2024-4499-03 - An update for ruby is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3838-03 - An update for ruby is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Red Hat Security Advisory 2024-3500-03 - An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Red Hat Security Advisory 2024-1576-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Red Hat Security Advisory 2024-1431-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-3291-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Ubuntu Security Notice 6087-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM.
Ubuntu Security Notice 6055-2 - USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6055-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics' InfraSuite Device Master, a real-time device monitoring software. All versions prior to 1.0.5 are
Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
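The related notices above give the fix for each flaw as several versions on different release branches (URI: 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1; Time: 0.1.1 and 0.2.2; cgi: 0.1.0.2, 0.2.2 and 0.3.5), so a plain "newer than X" comparison misclassifies patched back-ports. As an added example that is not Red Hat's or Ruby's own tooling, this branch-aware check uses Gem::Version from the standard RubyGems library; the branch-matching rule, the fallback for versions outside every listed branch, and the sample Gemfile.lock fragment are this example's own assumptions.

```ruby
# Added example (not Red Hat's or Ruby's own code): decide whether an installed
# gem version still falls into a vulnerable range when the fix was released on
# several branches at once. Gem::Version is the standard RubyGems class; the
# branch rule below is this example's own assumption.
require "rubygems"

# Fixed versions as stated in the CVE descriptions on this page.
FIXED_VERSIONS = {
  "uri"  => %w[0.12.1 0.11.1 0.10.2 0.10.0.1],
  "time" => %w[0.1.1 0.2.2],
  "cgi"  => %w[0.1.0.2 0.2.2 0.3.5],
}.freeze

# Assumption: a fixed version x.y.z protects the branch x.y, i.e. any installed
# version whose leading segments equal the fixed version's segments minus the last.
def same_branch?(installed, fixed)
  prefix = fixed.segments[0...-1]
  installed.segments[0, prefix.length] == prefix
end

# Returns :patched, :vulnerable or :unknown (gem not in the table).
# On a matching branch the install is patched once it reaches that branch's fix.
# Outside every listed branch, anything newer than the highest fixed version is
# treated as patched (the CVEs describe ranges "through" the last unfixed
# release) and anything older as vulnerable.
def gem_status(name, version_string)
  fixes = FIXED_VERSIONS[name]
  return :unknown unless fixes
  installed = Gem::Version.new(version_string)
  fixed = fixes.map { |v| Gem::Version.new(v) }
  matching = fixed.select { |f| same_branch?(installed, f) }
  return(installed > fixed.max ? :patched : :vulnerable) if matching.empty?
  matching.any? { |f| installed >= f } ? :patched : :vulnerable
end

# Audit a Gemfile.lock-style listing ("    name (version)" lines) and return
# gem name => status for every gem the table knows about.
def audit_lockfile(text)
  text.each_line.each_with_object({}) do |line, acc|
    next unless line =~ /\A\s+([A-Za-z0-9_-]+) \((\d[\w.]*)\)\s*\z/
    name, version = $1, $2
    acc[name] = gem_status(name, version) if FIXED_VERSIONS.key?(name)
  end
end

# Constructed sample lockfile fragment for demonstration.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      cgi (0.2.1)
      rake (13.0.1)
      time (0.2.2)
      uri (0.10.0)
LOCK

if __FILE__ == $0
  audit_lockfile(SAMPLE_LOCK).each { |gem_name, status| puts "#{gem_name}: #{status}" }
end
```

Note that the table holds gem versions, not the RPM release named in this advisory; on the Software Collections package the authoritative check remains the rh-ruby27-ruby package version.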