3332 matches found

Tenable Nessus
added 2024/12/11 12:0 a.m. | 15 views

RHEL 8 : ruby:3.1 (RHSA-2024:10966)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10966 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.7 CVSS | 7.5 AI score | 0.01429 EPSS
Exploits: 0 | References: 4

Oracle linux
added 2024/12/10 12:0 a.m. | 22 views

ruby security update

3.0.7-163 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: rbhz2322153 3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves:...

6.6 CVSS | 7.5 AI score | 0.01429 EPSS
Exploits: 0

IBM Security Bulletins
added 2024/12/09 7:15 p.m. | 17 views

Security Bulletin: IBM Business Automation Navigator is affected by a vulnerability in path-to-regexp (CVE-2024-45296)

Summary IBM Business Automation Navigator has addressed the following vulnerability. This does not impact IBM Content Navigator on-prem. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...

7.5 CVSS | 7.3 AI score | 0.00932 EPSS
Exploits: 0 | Affected Software: 1

Oracle linux
added 2024/12/09 12:0 a.m. | 17 views

ruby:2.5 security update

ruby 2.5.9-113.0.1 - Fix REXML ReDoS vulnerability CVE-2024-49761. rubygem-abrt 0.3.0-4 - Execute test suite unconditionally. - Upload correct sources. rubygem-bson rubygem-bundler rubygem-mongo 2.5.1-2 - Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz1710863 rubygem-mysql2...

6.6 CVSS | 6.9 AI score | 0.01429 EPSS
Exploits: 0

Tenable Nessus
added 2024/12/09 12:0 a.m. | 13 views

AlmaLinux 9 : ruby (ALSA-2024:10858)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:10858 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...

8.7 CVSS | 7.6 AI score | 0.01429 EPSS
Exploits: 0 | References: 3

Oracle linux
added 2024/12/06 12:0 a.m. | 16 views

ruby:3.1 security update

ruby 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 rubygem-abrt rubygem-mysql2 rubygem-pg...

6.6 CVSS | 6.9 AI score | 0.01429 EPSS
Exploits: 0

Oracle linux
added 2024/12/06 12:0 a.m. | 23 views

ruby:3.1 security update

ruby 3.1.5-145 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary...

6.6 CVSS | 7.2 AI score | 0.01429 EPSS
Exploits: 0

Tenable Nessus
added 2024/12/06 12:0 a.m. | 25 views

RHEL 8 : ruby:2.5 (RHSA-2024:10850)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10850 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.7 CVSS | 7.5 AI score | 0.01429 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2024/12/06 12:0 a.m. | 11 views

RHEL 9 : ruby:3.1 (RHSA-2024:10860)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10860 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.7 CVSS | 7.5 AI score | 0.01429 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2024/12/06 12:0 a.m. | 22 views

Oracle Linux 8 : ruby:3.1 (ELSA-2024-10834)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10834 advisory. ruby 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 rubygem-abrt rubygem-mysql2 rubygem-pg Tenable has extracted the preceding...

8.7 CVSS | 7.6 AI score | 0.01429 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/12/06 12:0 a.m. | 8 views

JetBrains YouTrack 2024.3.52635 Multiple Vulnerabilities (2024_3_52635)

The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.52635. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_3_52635 advisory. - In JetBrains YouTrack before 2024.3.52635, multiple merge functions were vulnerable to prototype pollution...

6.5 CVSS | 5.5 AI score | 0.00561 EPSS
Exploits: 0 | References: 4

Cvelist
added 2024/12/05 10:45 p.m. | 35 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7 CVSS | 0.00777 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2024/12/05 10:40 p.m. | 53 views

path-to-regexp contains a ReDoS

Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296 Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment, when the separator is not . e.g. no...

8.7 CVSS | 6.5 AI score | 0.00777 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2024/12/05 10:40 p.m. | 2 views

GHSA-RHX6-C78J-4Q9W path-to-regexp contains a ReDoS

Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296 Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment, when the separator is not . e.g. no...

8.7 CVSS | 6.8 AI score | 0.00777 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2024/12/05 7:46 p.m. | 27 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.12.1 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.12.1 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS ba...

7.5 CVSS | 6.7 AI score | 0.00932 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2024/12/05 4:41 p.m. | 18 views

Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.7.2 security updates and bug fixes

Multicluster Engine for Kubernetes 2.7.2 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

7.5 CVSS | 6.7 AI score | 0.01579 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2024/12/05 3:42 p.m. | 20 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.7 CVSS | 6.9 AI score | 0.01429 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2024/12/05 3:42 p.m. | 1 views

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

8.7 CVSS | 7.3 AI score | 0.01429 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2024/12/05 10:23 a.m. | 23 views

Important: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.7 CVSS | 6.9 AI score | 0.01429 EPSS
Exploits: 0 | References: 2

OSV
added 2024/12/05 12:0 a.m. | 19 views

ALSA-2024:10858 Important: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

8.7 CVSS | 7.7 AI score | 0.01429 EPSS
Exploits: 0 | References: 4