Lucene search
OracleLinuxELSA-2024-1576HistoryApr 02, 2024 - 12:00 a.m.
ruby:3.1 security, bug fix, and enhancement update
2024-04-0200:00:00
linux.oracle.com
6
ruby 3.1.4
security fixes
bug fixes
rdoc dependency
git submodule
timezone fix
openssl 3 fips
ffdhe2048
rubygem updates
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.9%
ruby
[3.1.4-143]
- Upgrade to Ruby 3.1.4.
Resolves: RHEL-5586 - Fix HTTP response splitting in CGI.
Resolves: RHEL-5591 - Fix ReDos vulnerability in URI.
Resolves: RHEL-28919
Resolves: RHEL-5612 - Fix ReDos vulnerability in Time.
Resolves: RHEL-28920 - Make RDoc soft dependency in IRB.
Resolves: RHEL-5613
[3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-5590 - Disable fiddle tests that use FFI closures.
Related: RHEL-5590
rubygem-mysql2
[0.5.4-1] - New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9)
Resolves: rhbz#2063773
[0.5.3-1] - New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475)
Resolves: rhbz#1817135
rubygem-pg
[1.3.5-1] - Update to pg 1.3.5
Related: rhbz#2063773
[1.2.3-1] - Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26)
Resolves: rhbz#1817135
Related
nessus
nessus
Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)
2024-04-05 00:00:00
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
2024-04-01 00:00:00
AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)
2024-04-03 00:00:00
rocky
rocky
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
redhat
redhat
osv
osv
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
oraclelinux
oraclelinux
ruby:3.1 security, bug fix, and enhancement update
2024-03-20 00:00:00
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
ruby:2.5 security update
2023-11-18 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2023-06-21 00:00:00
Ruby vulnerabilities
2023-07-12 00:00:00
Ruby vulnerabilities
2023-05-04 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6181-1)
2023-06-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4176-1)
2023-10-25 00:00:00
openSUSE: Security Advisory for ruby2.5 (SUSE-SU-2023:4176-1)
2024-03-04 00:00:00
cloudfoundry
cloudfoundry
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-6219-1: Ruby vulnerabilities | Cloud Foundry
2023-09-28 00:00:00
USN-6087-1: Ruby vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
slackware
slackware
[slackware-security] ruby
2023-03-31 18:29:16
[slackware-security] ruby
2022-11-24 21:00:38
ubuntucve
ubuntucve
redhatcve
redhatcve
CVE-2023-36617
2023-07-13 11:36:22
CVE-2021-33621
2022-11-30 16:56:14
debiancve
debiancve
hackerone
hackerone
Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)
2023-07-17 05:09:41
Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
2023-03-01 08:03:28
Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装
2021-05-21 12:21:26
cve
cve
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-30 03:59:11
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:35
HTTP Response Splitting
2022-12-07 11:55:45
github
github
URI gem has ReDoS vulnerability
2023-06-29 15:30:34
Ruby Time component ReDoS issue
2023-03-31 06:30:15
Ruby URI component ReDoS issue
2023-03-31 06:30:15
prion
prion
Design/Logic Flaw
2023-06-29 13:15:00
Design/Logic Flaw
2022-11-18 23:15:00
Authentication flaw
2023-03-31 04:15:00
debian
debian
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:38:22
fedora
fedora
[SECURITY] Fedora 36 Update: ruby-3.1.4-175.fc36
2023-04-21 01:25:27
[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38
2023-04-15 02:16:08
[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37
2023-04-21 02:11:09
rubygems
rubygems
ReDoS vulnerability in URI
2023-06-28 21:00:00
cbl_mariner
cbl_mariner
CVE-2023-36617 affecting package ruby 3.1.4-1
2023-08-30 14:44:06
cgr
cgr
CVE-2023-36617 vulnerabilities
2024-04-30 09:06:13
CVE-2023-28756 vulnerabilities
2024-04-30 09:06:13
CVE-2021-33621 vulnerabilities
2024-04-30 09:06:13
wolfi
wolfi
CVE-2023-36617 vulnerabilities
2024-04-30 09:06:13
CVE-2021-33621 vulnerabilities
2024-04-30 09:06:13
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
amazon
amazon
Important: ruby
2024-03-13 20:26:00
mageia
mageia
Updated ruby packages fix security vulnerability
2022-12-14 01:09:19
freebsd
freebsd
rubygem-time -- ReDoS vulnerability
2023-03-30 00:00:00
rubygem-cgi -- HTTP response splitting vulnerability
2022-11-22 00:00:00
alpinelinux
alpinelinux
CVE-2021-33621
2022-11-18 23:15:00
CVE-2023-28756
2023-03-31 04:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.9%
Related for ELSA-2024-1576