Lucene search
UbuntuUSN-6838-1HistoryJun 17, 2024 - 12:00 a.m.
Ruby vulnerabilities
2024-06-1700:00:00
ubuntu.com
2
ruby
ubuntu
vulnerabilities
rdoc
parsing
yaml
remote execution
code execution
memory operations
sensitive data
Releases
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- ruby2.7 - Object-oriented scripting language
- ruby3.0 - Object-oriented scripting language
- ruby3.1 - Object-oriented scripting language
- ruby3.2 - Object-oriented scripting language
Details
It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If
a user or automated system were tricked into parsing a specially crafted
.rdoc_options file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2024-27281)
It was discovered that the Ruby regex compiler incorrectly handled certain
memory operations. A remote attacker could possibly use this issue to
obtain sensitive memory contents. (CVE-2024-27282)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 24.04 | noarch | libruby3.2 | < 3.2.3-1ubuntu0.24.04.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | libruby3.2-dbgsym | < 3.2.3-1ubuntu0.24.04.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | ruby3.2 | < 3.2.3-1ubuntu0.24.04.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | ruby3.2-dbgsym | < 3.2.3-1ubuntu0.24.04.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | ruby3.2-dev | < 3.2.3-1ubuntu0.24.04.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | ruby3.2-doc | < 3.2.3-1ubuntu0.24.04.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libruby3.1 | < 3.1.2-7ubuntu3.2 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libruby3.1-dbgsym | < 3.1.2-7ubuntu3.2 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ruby3.1 | < 3.1.2-7ubuntu3.2 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ruby3.1-dbgsym | < 3.1.2-7ubuntu3.2 | UNKNOWN |
Related
osv
osv
ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities
2024-06-17 14:24:17
ruby3.1 - security update
2024-05-03 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6838-1)
2024-06-18 00:00:00
Slackware: Security Advisory (SSA:2024-114-01)
2024-04-24 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2024-14db7b21a2)
2024-05-27 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)
2024-06-17 00:00:00
Rocky Linux 9 : ruby:3.3 (RLSA-2024:3671)
2024-06-14 00:00:00
AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)
2024-06-10 00:00:00
rocky
rocky
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 14:00:40
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 13:59:30
ruby:3.3 security, bug fix, and enhancement update
2024-06-14 14:00:40
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-06 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2024-05-09 05:40:29
oraclelinux
oraclelinux
ruby:3.3 security, bug fix, and enhancement update
2024-06-07 00:00:00
ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-06-06 00:00:00
redhat
redhat
(RHSA-2024:3500) Moderate: ruby:3.0 security update
2024-05-30 12:07:40
debian
debian
[SECURITY] [DSA 5677-1] ruby3.1 security update
2024-05-03 19:47:30
slackware
slackware
[slackware-security] ruby
2024-04-23 22:33:22
fedora
fedora
[SECURITY] Fedora 40 Update: ruby-3.3.1-7.fc40
2024-05-03 01:46:00
[SECURITY] Fedora 39 Update: ruby-3.2.4-182.fc39
2024-05-04 01:33:23
[SECURITY] Fedora 38 Update: ruby-3.2.4-182.fc38
2024-05-04 02:20:05
cve
cve
CVE-2024-27282
2024-05-14 15:11:57
CVE-2024-27281
2024-05-14 15:11:57
cbl_mariner
cbl_mariner
CVE-2024-27282 affecting package ruby for versions less than 3.1.4-5
2024-06-12 22:23:00
CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4
2024-04-17 01:35:34
freebsd
freebsd
ruby -- Arbitrary memory address read vulnerability with Regex search
2024-04-23 00:00:00
cvelist
cvelist
CVE-2024-27282
1976-01-01 00:00:00
CVE-2024-27281
1976-01-01 00:00:00
veracode
veracode
Remote Code Execution
2024-03-28 10:48:53
hackerone
hackerone
nvd
nvd
CVE-2024-27281
2024-05-14 15:11:57
CVE-2024-27282
2024-05-14 15:11:57
redhatcve
redhatcve
CVE-2024-27281
2024-03-21 18:29:23
CVE-2024-27282
2024-04-24 05:34:31
alpinelinux
alpinelinux
CVE-2024-27282
2024-05-14 15:11:57
CVE-2024-27281
2024-05-14 15:11:57
debiancve
debiancve
CVE-2024-27282
2024-05-14 15:11:57
CVE-2024-27281
2024-05-14 15:11:57
ubuntucve
ubuntucve
CVE-2024-27282
2024-05-14 00:00:00
CVE-2024-27281
2024-05-14 00:00:00
githubexploit
githubexploit
Exploit for CVE-2024-27282
2024-06-12 23:54:03
github
github
RDoc RCE vulnerability with .rdoc_options
2024-03-25 19:36:59
cgr
cgr
CVE-2024-27281 vulnerabilities
2024-05-19 03:07:16
gentoo
gentoo
RDoc: Remote Code Execution
2024-06-22 00:00:00
wolfi
wolfi
CVE-2024-27281 vulnerabilities
2024-06-26 21:08:32
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0236
2024-04-01 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0259
2024-04-29 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0600
2024-04-29 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34