MiracleLinux 7 : rh-ruby30-ruby-3.0.4-149.el7 (AXSA:2022-3890:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3890:01 advisory. ruby: buffer overflow in CGI.escapehtml CVE-2021-41816 ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-418...

ruby security, bug fix, and enhancement update

3.0.4-160 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...

ruby:3.0 security, bug fix, and enhancement update

ruby 3.0.4-141 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109431 Resolves: rhbz2110981 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...

[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

Double free in Regexp compilation

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby. Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same...