Moderate: ruby:3.3 security update

2024-09-1800:00:00

errata.almalinux.org

ruby

security update

rexml

text files

system management

vulnerability

cve-2024-39908

cve-2024-41123

cve-2024-41946

cve-2024-43398

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

rexml: DoS vulnerability in REXML (CVE-2024-39908)
rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
rexml: DoS vulnerability in REXML (CVE-2024-41946)
rexml: DoS vulnerability in REXML (CVE-2024-43398)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchrubygem-irb< 1.13.1-3.module_el8.10.0+3894+6d587c81rubygem-irb-1.13.1-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux8i686rubygem-psych< 5.1.2-3.module_el8.10.0+3894+6d587c81rubygem-psych-5.1.2-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux8noarchrubygems< 3.5.16-3.module_el8.10.0+3894+6d587c81rubygems-3.5.16-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux8i686ruby-devel< 3.3.5-3.module_el8.10.0+3894+6d587c81ruby-devel-3.3.5-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux8noarchrubygem-minitest< 5.20.0-3.module_el8.10.0+3894+6d587c81rubygem-minitest-5.20.0-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux8noarchrubygem-rexml< 3.3.6-3.module_el8.10.0+3894+6d587c81rubygem-rexml-3.3.6-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux8i686rubygem-rbs< 3.4.0-3.module_el8.10.0+3894+6d587c81rubygem-rbs-3.4.0-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux8i686rubygem-bigdecimal< 3.1.5-3.module_el8.10.0+3894+6d587c81rubygem-bigdecimal-3.1.5-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux8noarchrubygem-rake< 13.1.0-3.module_el8.10.0+3894+6d587c81rubygem-rake-13.1.0-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux8i686ruby-bundled-gems< 3.3.5-3.module_el8.10.0+3894+6d587c81ruby-bundled-gems-3.3.5-3.module_el8.10.0+3894+6d587c81.i686.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	noarch	rubygem-irb	< 1.13.1-3.module_el8.10.0+3894+6d587c81	rubygem-irb-1.13.1-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux	8	i686	rubygem-psych	< 5.1.2-3.module_el8.10.0+3894+6d587c81	rubygem-psych-5.1.2-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux	8	noarch	rubygems	< 3.5.16-3.module_el8.10.0+3894+6d587c81	rubygems-3.5.16-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux	8	i686	ruby-devel	< 3.3.5-3.module_el8.10.0+3894+6d587c81	ruby-devel-3.3.5-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux	8	noarch	rubygem-minitest	< 5.20.0-3.module_el8.10.0+3894+6d587c81	rubygem-minitest-5.20.0-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux	8	noarch	rubygem-rexml	< 3.3.6-3.module_el8.10.0+3894+6d587c81	rubygem-rexml-3.3.6-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux	8	i686	rubygem-rbs	< 3.4.0-3.module_el8.10.0+3894+6d587c81	rubygem-rbs-3.4.0-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux	8	i686	rubygem-bigdecimal	< 3.1.5-3.module_el8.10.0+3894+6d587c81	rubygem-bigdecimal-3.1.5-3.module_el8.10.0+3894+6d587c81.i686.rpm
almalinux	8	noarch	rubygem-rake	< 13.1.0-3.module_el8.10.0+3894+6d587c81	rubygem-rake-13.1.0-3.module_el8.10.0+3894+6d587c81.noarch.rpm
almalinux	8	i686	ruby-bundled-gems	< 3.3.5-3.module_el8.10.0+3894+6d587c81	ruby-bundled-gems-3.3.5-3.module_el8.10.0+3894+6d587c81.i686.rpm