RHSA-2022:6855: Red Hat Security Advisory: rh-ruby30-ruby security, bug fix, and enhancement update

An update for rh-ruby30-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-41816: ruby: buffer overflow in CGI.escape_html
  • CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
  • CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
  • CVE-2022-28738: Ruby: Double free in Regexp compilation
  • CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion
Red Hat Security Data

Synopsis

Moderate: rh-ruby30-ruby security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for rh-ruby30-ruby is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby30-ruby (3.0.4). (BZ#2128628)

Security Fix(es):

  • ruby: buffer overflow in CGI.escape_html (CVE-2021-41816)
  • ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
  • ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
  • Ruby: Double free in Regexp compilation (CVE-2022-28738)
  • Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
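Of the five fixes above, the cookie prefix issue (CVE-2021-41819) is the one an application developer can reason about without reading the interpreter's C: the vulnerable CGI::Cookie.parse applied URL decoding to cookie names, so a cookie the browser never treated as __Host- prefixed reached the application looking exactly like one. The block below is an added example written for this page, not Red Hat's code and not the cgi gem's; it uses a simplified stand-in parser in both the decoding and the non-decoding form, a hypothetical host_session lookup standing in for whatever the application does with its hardened cookie, and a constructed SPOOFED_HEADER.

```ruby
require "uri"

# Added example, not code from Red Hat or from Ruby's cgi gem: a minimal
# Cookie-header parser in two variants. The first percent-decodes cookie
# *names*, which is the behaviour CVE-2021-41819 describes for
# CGI::Cookie.parse; the second leaves names verbatim and decodes only values.
#
# Browsers enforce the __Host- / __Secure- prefixes on the literal cookie name
# only. "%5F%5FHost-session" is, to the browser, an ordinary cookie that a
# plain-HTTP page or a sibling subdomain may set. If the server then decodes
# the name, that cookie surfaces as "__Host-session" and the application
# trusts it as if the browser had enforced Secure + Path=/ + no Domain.
module CookieHeader
  # Pre-fix behaviour: both name and value are percent-decoded.
  def self.parse_decoding_names(header)
    split_pairs(header).each_with_object({}) do |(name, value), cookies|
      cookies[URI.decode_www_form_component(name)] = URI.decode_www_form_component(value)
    end
  end

  # Hardened behaviour: the name is used exactly as sent; only the value is decoded.
  def self.parse(header)
    split_pairs(header).each_with_object({}) do |(name, value), cookies|
      cookies[name] = URI.decode_www_form_component(value)
    end
  end

  # Splits "a=1; b=2" into [["a", "1"], ["b", "2"]]; a pair without "=" gets an empty value.
  def self.split_pairs(header)
    header.to_s.split(/;\s*/).reject(&:empty?).map do |pair|
      name, value = pair.split("=", 2)
      [name.strip, value.to_s]
    end
  end
  private_class_method :split_pairs
end

# Hypothetical application-side lookup of the cookie it treats as browser-hardened.
def host_session(cookies)
  cookies["__Host-session"]
end

# Constructed request header (not from any real capture): the genuine
# __Host-session cookie is absent, and an attacker-controlled context has
# planted the look-alike name that no browser would ever treat as prefixed.
SPOOFED_HEADER = "%5F%5FHost-session=attacker-sid; theme=dark"

if __FILE__ == $PROGRAM_NAME
  p host_session(CookieHeader.parse_decoding_names(SPOOFED_HEADER)) # "attacker-sid"
  p host_session(CookieHeader.parse(SPOOFED_HEADER))                # nil
end
```

Keeping the name verbatim is the whole fix: the browser's prefix guarantees attach to the exact byte sequence __Host-, so any server-side transformation of the name before the prefix is checked discards them. The same reasoning applies to any framework that normalises, lowercases or decodes cookie names before the application sees them.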

Bug Fix(es):

  • rh-ruby30 ruby: User-installed rubygems plugins are not being loaded (BZ#2128629)

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods
  • BZ - 2026752 - CVE-2021-41816 ruby: buffer overflow in CGI.escape_html
  • BZ - 2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse
  • BZ - 2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation
  • BZ - 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
  • BZ - 2128628 - rh-ruby30-ruby: Rebase to the latest Ruby 3.0 release [rhscl-3] [rhscl-3.8.z]
  • BZ - 2128629 - rh-ruby30 ruby: User-installed rubygems plugins are not being loaded [rhscl-3.8.z]

CVEs

  • CVE-2021-41816
  • CVE-2021-41817
  • CVE-2021-41819
  • CVE-2022-28738
  • CVE-2022-28739
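To tell whether a RHEL 7 host still needs this update, compare the installed epoch:version-release of each package against the build listed below (3.0.4-149.el7 for rh-ruby30-ruby). Plain string comparison is wrong for RPM versions ("9.el7" sorts after "149.el7" as text), so the added example below, written for this page and not Red Hat tooling, ports rpm's rpmvercmp segment algorithm and applies it to rpm -q output. The FIXED table is taken from this page's package list; SAMPLE_RPM_Q is constructed, not captured from a real host.

```ruby
# Added example, not Red Hat tooling: decides whether installed rh-ruby30
# packages are older than the builds this advisory ships, using a port of
# rpm's rpmvercmp() applied epoch, then version, then release.
module RpmVersion
  # Fixed builds taken from this advisory's package list (RHEL 7 SCL);
  # extend with the other listed packages as needed.
  FIXED = {
    "rh-ruby30-ruby"          => "3.0.4-149.el7",
    "rh-ruby30-ruby-libs"     => "3.0.4-149.el7",
    "rh-ruby30-rubygem-psych" => "3.3.2-149.el7",
  }.freeze

  # rpmvercmp: digit runs compare numerically, letter runs lexically, a digit
  # segment beats a letter segment, "~" sorts before everything (pre-release),
  # "^" sorts after end-of-string but before any further segment (post-release).
  # Returns -1, 0 or 1.
  def self.vercmp(a, b)
    return 0 if a == b
    one = a.dup
    two = b.dup
    until one.empty? && two.empty?
      # Separators (anything but alphanumerics, "~" and "^") are skipped.
      one = one.sub(/\A[^A-Za-z0-9~^]+/, "")
      two = two.sub(/\A[^A-Za-z0-9~^]+/, "")

      if one.start_with?("~") || two.start_with?("~")   # 1.0~rc1 < 1.0
        return 1 unless one.start_with?("~")
        return -1 unless two.start_with?("~")
        one = one[1..-1]
        two = two[1..-1]
        next
      end

      if one.start_with?("^") || two.start_with?("^")   # 1.0 < 1.0^git1 < 1.0.1
        return -1 if one.empty?
        return 1 if two.empty?
        return 1 unless one.start_with?("^")
        return -1 unless two.start_with?("^")
        one = one[1..-1]
        two = two[1..-1]
        next
      end

      break if one.empty? || two.empty?

      # Next segment: a run of digits or of letters, decided by the first string.
      if one.match?(/\A\d/)
        seg1 = one[/\A\d+/]
        seg2 = two[/\A\d+/] || ""
        isnum = true
      else
        seg1 = one[/\A[A-Za-z]+/]
        seg2 = two[/\A[A-Za-z]+/] || ""
        isnum = false
      end
      if seg2.empty?            # mismatched types: numeric is newer than alpha
        return isnum ? 1 : -1
      end
      one = one[seg1.length..-1]
      two = two[seg2.length..-1]

      if isnum
        # Leading zeros are ignored; the longer digit run is the larger number.
        seg1 = seg1.sub(/\A0+/, "")
        seg2 = seg2.sub(/\A0+/, "")
        return seg1.length <=> seg2.length if seg1.length != seg2.length
      end
      rc = seg1 <=> seg2
      return rc unless rc.zero?
    end
    return 0 if one.empty? && two.empty?
    one.empty? ? -1 : 1
  end

  # "[epoch:]version-release" -> [epoch, version, release]; epoch defaults to "0".
  def self.split_evr(evr)
    epoch, rest = evr.include?(":") ? evr.split(":", 2) : ["0", evr]
    version, release = rest.split("-", 2)
    [epoch, version.to_s, release.to_s]
  end

  def self.evrcmp(a, b)
    split_evr(a).zip(split_evr(b)).each do |x, y|
      rc = vercmp(x, y)
      return rc unless rc.zero?
    end
    0
  end

  # Consumes lines as printed by
  #   rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' <packages>
  # (rpm prints "(none)" for an unset epoch) and returns [name, evr] for each
  # package in `fixed` that is still older than its fixed build.
  def self.unpatched(rpm_q_output, fixed = FIXED)
    rpm_q_output.each_line.each_with_object([]) do |line, out|
      name, evr = line.split
      next unless name && evr && fixed.key?(name)
      evr = evr.sub(/\A\(none\):/, "")
      out << [name, evr] if evrcmp(evr, fixed[name]) < 0
    end
  end
end

# Constructed sample of rpm -q output, not from a real host: one package is at
# the fixed build, two are behind it, one is outside this advisory.
SAMPLE_RPM_Q = <<~OUT
  rh-ruby30-ruby (none):3.0.3-148.el7
  rh-ruby30-ruby-libs (none):3.0.4-149.el7
  rh-ruby30-rubygem-psych (none):3.3.2-9.el7
  bash (none):4.2.46-35.el7
OUT

if __FILE__ == $PROGRAM_NAME
  RpmVersion.unpatched(SAMPLE_RPM_Q).each do |name, evr|
    puts "#{name} #{evr} is older than fixed build #{RpmVersion::FIXED[name]}"
  end
end
```

Feed it the real rpm -q output from a host and anything it returns is a package this advisory still applies to; an empty result means every listed package is at or past the fixed build. The epoch must be included in the query format, since a newer epoch outranks any version string.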

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM

rh-ruby30-ruby-3.0.4-149.el7.src.rpm

SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c

x86_64

rh-ruby30-ruby-3.0.4-149.el7.x86_64.rpm

SHA-256: 620163dc82dbc9b17cb356a437c559467b9ebbd97d33e6d951cd58f67d089329

rh-ruby30-ruby-debuginfo-3.0.4-149.el7.x86_64.rpm

SHA-256: 1c1becee8e0688ba251ab20b4f04e708ae87d1332aa1c339ab65856df52e6f07

rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm

SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710

rh-ruby30-ruby-devel-3.0.4-149.el7.x86_64.rpm

SHA-256: 8e3c44c72ce6a68f88352872778b783a15408123a8045d0502a7605f86015b47

rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm

SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443

rh-ruby30-ruby-libs-3.0.4-149.el7.x86_64.rpm

SHA-256: 748d82756a0993a166165b784c64ea0c997f86b00ead4c50cf750ccb141e897b

rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.x86_64.rpm

SHA-256: a773c0aba303a71fc27030698cf66c59d7d4938cffa10fd9c6c66d6532139c6e

rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm

SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa

rh-ruby30-rubygem-io-console-0.5.7-149.el7.x86_64.rpm

SHA-256: a69422b818f5dfb5c2da1978c1c1c185881e6cd57c8dcb6a6fcf4d3f20071d91

rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm

SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c

rh-ruby30-rubygem-json-2.5.1-149.el7.x86_64.rpm

SHA-256: 77256d24fe58e5214c2182f87e19d0a644a4f2ef13f7dc99f727cadacc23e6af

rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm

SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d

rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm

SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2

rh-ruby30-rubygem-psych-3.3.2-149.el7.x86_64.rpm

SHA-256: e2f55831b6e63e85c0f35a69aab27acbf516a5f2efd7a0db85480917699b5e98

rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm

SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac

rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm

SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a

rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm

SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f

rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm

SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd

rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm

SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0

rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm

SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5

rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm

SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136

rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm

SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM

rh-ruby30-ruby-3.0.4-149.el7.src.rpm

SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c

s390x

rh-ruby30-ruby-3.0.4-149.el7.s390x.rpm

SHA-256: 2908476527f9c6708dffb40801f1506863246b17b97b2442738f12ca1b551697

rh-ruby30-ruby-debuginfo-3.0.4-149.el7.s390x.rpm

SHA-256: 8c8e9dea621f0b673382b3ad73a22d4cd26fe63e2124415c5f3a73ed453003f2

rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm

SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710

rh-ruby30-ruby-devel-3.0.4-149.el7.s390x.rpm

SHA-256: 2e7063c031d622c5585ad055599d48ed556b1a67825d36d6a256dd5a24cecaa4

rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm

SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443

rh-ruby30-ruby-libs-3.0.4-149.el7.s390x.rpm

SHA-256: 199cfd8a5f8512734d156464bc25000b307a731965dad99a828d8151176c2ecb

rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.s390x.rpm

SHA-256: ed9cc283f743336be65543258089e2d863025fdccfe4cf0cedd5fc3341e0a89f

rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm

SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa

rh-ruby30-rubygem-io-console-0.5.7-149.el7.s390x.rpm

SHA-256: 4ecb11997d3aa198c6d73a06bd6371cd700357b869c7d02c754b9df2b62bf24b

rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm

SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c

rh-ruby30-rubygem-json-2.5.1-149.el7.s390x.rpm

SHA-256: 34a12ac371b0c3fbd7fddff396094e0dd1b04fe43c461f9a5f6ef2e23e331206

rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm

SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d

rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm

SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2

rh-ruby30-rubygem-psych-3.3.2-149.el7.s390x.rpm

SHA-256: 0debf021bac6cc24a2db963f33092fb8a97da0b878978426267bc813320255b0

rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm

SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac

rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm

SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a

rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm

SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f

rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm

SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd

rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm

SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0

rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm

SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5

rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm

SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136

rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm

SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM

rh-ruby30-ruby-3.0.4-149.el7.src.rpm

SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c

ppc64le

rh-ruby30-ruby-3.0.4-149.el7.ppc64le.rpm

SHA-256: 5e6bb9e0d4aca5baf3d85ece86d691149f9df089d1263495fddfd28edf5cffe5

rh-ruby30-ruby-debuginfo-3.0.4-149.el7.ppc64le.rpm

SHA-256: 8b49086b9640bcbc7335be8bca7543d321e0a81a23e2e90e4ed4e178d031cfc5

rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm

SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710

rh-ruby30-ruby-devel-3.0.4-149.el7.ppc64le.rpm

SHA-256: 1c9da70261a5db7c6594e3e3525d2deab5159c35e96b2b08993cbeb8305c0238

rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm

SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443

rh-ruby30-ruby-libs-3.0.4-149.el7.ppc64le.rpm

SHA-256: 12367ff2536bc7e71b94fb576fcbb5287129cfa721b9e7bf7750e90628bba9a5

rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.ppc64le.rpm

SHA-256: 6f9b0b1ded5832cf1d4fbd876460b5346c544042283c732f12c62a11b7a736d9

rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm

SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa

rh-ruby30-rubygem-io-console-0.5.7-149.el7.ppc64le.rpm

SHA-256: 78cc0dcdd23719841441e41ca15b8f31d2aa6ffb3c09d1707c1b73ff36b803df

rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm

SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c

rh-ruby30-rubygem-json-2.5.1-149.el7.ppc64le.rpm

SHA-256: e0cf07935eabdcaf172146f67586a0c45cd60bfaf4772501a10e331d7f920ab5

rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm

SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d

rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm

SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2

rh-ruby30-rubygem-psych-3.3.2-149.el7.ppc64le.rpm

SHA-256: 20776d94176b70de5aad5e7d5b1bcea6a33c38f8078d284a3b1ef92d9384ea50

rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm

SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac

rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm

SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a

rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm

SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f

rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm

SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd

rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm

SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0

rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm

SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5

rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm

SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136

rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm

SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM

rh-ruby30-ruby-3.0.4-149.el7.src.rpm

SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c

x86_64

rh-ruby30-ruby-3.0.4-149.el7.x86_64.rpm

SHA-256: 620163dc82dbc9b17cb356a437c559467b9ebbd97d33e6d951cd58f67d089329

rh-ruby30-ruby-debuginfo-3.0.4-149.el7.x86_64.rpm

SHA-256: 1c1becee8e0688ba251ab20b4f04e708ae87d1332aa1c339ab65856df52e6f07

rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm

SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710

rh-ruby30-ruby-devel-3.0.4-149.el7.x86_64.rpm

SHA-256: 8e3c44c72ce6a68f88352872778b783a15408123a8045d0502a7605f86015b47

rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm

SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443

rh-ruby30-ruby-libs-3.0.4-149.el7.x86_64.rpm

SHA-256: 748d82756a0993a166165b784c64ea0c997f86b00ead4c50cf750ccb141e897b

rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.x86_64.rpm

SHA-256: a773c0aba303a71fc27030698cf66c59d7d4938cffa10fd9c6c66d6532139c6e

rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm

SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa

rh-ruby30-rubygem-io-console-0.5.7-149.el7.x86_64.rpm

SHA-256: a69422b818f5dfb5c2da1978c1c1c185881e6cd57c8dcb6a6fcf4d3f20071d91

rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm

SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c

rh-ruby30-rubygem-json-2.5.1-149.el7.x86_64.rpm

SHA-256: 77256d24fe58e5214c2182f87e19d0a644a4f2ef13f7dc99f727cadacc23e6af

rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm

SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d

rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm

SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2

rh-ruby30-rubygem-psych-3.3.2-149.el7.x86_64.rpm

SHA-256: e2f55831b6e63e85c0f35a69aab27acbf516a5f2efd7a0db85480917699b5e98

rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm

SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac

rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm

SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a

rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm

SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f

rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm

SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd

rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm

SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0

rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm

SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5

rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm

SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136

rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm

SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Related news

Gentoo Linux Security Advisory 202401-27

Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

Red Hat Security Advisory 2022-6855-01

Red Hat Security Advisory 2022-6855-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, double free, and spoofing vulnerabilities.

Red Hat Security Advisory 2022-6856-01

Red Hat Security Advisory 2022-6856-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, and spoofing vulnerabilities.

RHSA-2022:6856: Red Hat Security Advisory: rh-ruby27-ruby security, bug fix, and enhancement update

An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-41816: ruby: buffer overflow in CGI.escape_html
  • CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
  • CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
  • CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

Red Hat Security Advisory 2022-6585-01

Red Hat Security Advisory 2022-6585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a double free vulnerability.

RHSA-2022:6585: Red Hat Security Advisory: ruby security, bug fix, and enhancement update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-28738: Ruby: Double free in Regexp compilation
  • CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

Red Hat Security Advisory 2022-6447-01

Red Hat Security Advisory 2022-6447-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service and spoofing vulnerabilities.

Red Hat Security Advisory 2022-6450-01

Red Hat Security Advisory 2022-6450-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service, double free, and spoofing vulnerabilities.

RHSA-2022:6450: Red Hat Security Advisory: ruby:3.0 security, bug fix, and enhancement update

An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
  • CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
  • CVE-2022-28738: Ruby: Double free in Regexp compilation
  • CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

RHSA-2022:6447: Red Hat Security Advisory: ruby:2.7 security, bug fix, and enhancement update

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
  • CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
  • CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

RHSA-2022:5779: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
  • CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse

CVE-2022-32263: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

CVE-2022-27933: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-26655: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27929: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27932: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-26654: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

Ubuntu Security Notice USN-5462-2

Ubuntu Security Notice 5462-2 - USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice USN-5462-1

Ubuntu Security Notice 5462-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

CVE-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVE-2022-28738: CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.