RLSA-2024:3668 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. Rocky Linux-35449 Security Fixes: ruby: Buffer overread...

ruby:3.1 security, bug fix, and enhancement update

An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...

ruby:3.3 security, bug fix, and enhancement update

An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...

RLSA-2024:3546 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Buffer overread vulnerability in StringIO CVE-2024-27280...

RLSA-2024:3670 Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.3. Rocky Linux-37446 Security Fixes: ruby: Buffer overread...

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ruby:3.3 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

AlmaLinux 9 : ruby (ALSA-2024:3838)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time CVE-2023-287...

Oracle Linux 9 : ruby (ELSA-2024-3838)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this...

Amazon Linux 2 : ruby (ALAS-2024-2570)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2570 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception...

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network...

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network...

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ruby/cgi-gem: HTTP response splitting in CGI

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

ruby: Buffer overread vulnerability in StringIO

A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value...

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

ALSA-2024:3838 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...