Lucene search
GoogleOSV:ALSA-2024:1576HistoryApr 01, 2024 - 12:00 a.m.
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-0100:00:00
Google
osv.dev
8
ruby scripting language
http response splitting
redos vulnerability
time
bug fix
fips mode
almalinux 9
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-29052)
Security Fix(es):
- ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
- ruby: ReDoS vulnerability in URI (CVE-2023-28755)
- ruby: ReDoS vulnerability - upstreamโs incomplete fix for CVE-2023-28755 (CVE-2023-36617)
- ruby: ReDoS vulnerability in Time (CVE-2023-28756)
Bug Fix(es):
- ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (AlmaLinux-29048)
- ruby: Ruby cannot read private key in FIPS mode on AlmaLinux 9 (AlmaLinux-12437)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
access.redhat.com/errata/RHSA-2024:1576
access.redhat.com/security/cve/CVE-2021-33621
access.redhat.com/security/cve/CVE-2023-28755
access.redhat.com/security/cve/CVE-2023-28756
access.redhat.com/security/cve/CVE-2023-36617
bugzilla.redhat.com/2149706
bugzilla.redhat.com/2184059
bugzilla.redhat.com/2184061
bugzilla.redhat.com/2218614
errata.almalinux.org/9/ALSA-2024-1576.html
Related
nessus
nessus
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
2024-04-01 00:00:00
Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)
2024-04-05 00:00:00
AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)
2024-03-21 00:00:00
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
rocky
rocky
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
oraclelinux
oraclelinux
ruby:3.1 security, bug fix, and enhancement update
2024-03-20 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-04-02 00:00:00
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
osv
osv
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
redhat
redhat
ubuntu
ubuntu
Ruby vulnerabilities
2023-06-21 00:00:00
Ruby vulnerabilities
2023-05-04 00:00:00
Ruby vulnerabilities
2023-05-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6181-1)
2023-06-22 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2800)
2023-09-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4176-1)
2023-10-25 00:00:00
ubuntucve
ubuntucve
cloudfoundry
cloudfoundry
USN-6219-1: Ruby vulnerabilities | Cloud Foundry
2023-09-28 00:00:00
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-6087-1: Ruby vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
redhatcve
redhatcve
CVE-2023-36617
2023-07-13 11:36:22
debiancve
debiancve
hackerone
hackerone
Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)
2023-07-17 05:09:41
Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
2023-03-01 08:03:28
Ruby: ReDoS in Time.rfc2822
2022-02-18 22:22:29
cvelist
cvelist
slackware
slackware
[slackware-security] ruby
2023-03-31 18:29:16
github
github
URI gem has ReDoS vulnerability
2023-06-29 15:30:34
Ruby Time component ReDoS issue
2023-03-31 06:30:15
Ruby URI component ReDoS issue
2023-03-31 06:30:15
prion
prion
Design/Logic Flaw
2023-06-29 13:15:00
Authentication flaw
2023-03-31 04:15:00
Authentication flaw
2023-03-31 04:15:00
fedora
fedora
[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38
2023-04-15 02:16:08
[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37
2023-04-21 02:11:09
[SECURITY] Fedora 36 Update: ruby-3.1.4-175.fc36
2023-04-21 01:25:27
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-30 03:59:11
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:35
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:44
cve
cve
debian
debian
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:39:08
rubygems
rubygems
ReDoS vulnerability in URI
2023-06-28 21:00:00
cbl_mariner
cbl_mariner
CVE-2023-36617 affecting package ruby for versions less than 3.1.4-2
2023-08-30 14:44:06
wolfi
wolfi
CVE-2023-36617 vulnerabilities
2024-05-21 15:40:57
cgr
cgr
CVE-2023-36617 vulnerabilities
2024-05-19 03:07:16
CVE-2023-28756 vulnerabilities
2024-05-19 03:07:16
CVE-2021-33621 vulnerabilities
2024-05-19 03:07:16
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
alpinelinux
alpinelinux
CVE-2023-28756
2023-03-31 04:15:09
freebsd
freebsd
rubygem-time -- ReDoS vulnerability
2023-03-30 00:00:00
rubygem-uri -- ReDoS vulnerability
2023-03-28 00:00:00
amazon
amazon
Important: ruby
2024-03-13 20:26:00
mageia
mageia
Updated ruby packages fix security vulnerability
2022-12-14 01:09:19