ruby:2.5 security update

Errata ID: AXSA:2024-7342:01

Release date: Tuesday, January 23, 2024 - 05:35
Subject: ruby:2.5 security update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2022-28739
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Modularity name: "ruby"
Stream name: "2.5"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rubygem-abrt-0.3.0-4.module+el8+1692+9fb95cc1.src.rpm
    Size: 16.03 kB
  2. rubygem-bson-4.3.0-2.module+el8+1692+9fb95cc1.src.rpm
    Size: 90.08 kB
  3. rubygem-bundler-1.16.1-4.module+el8+1692+9fb95cc1.src.rpm
    Size: 14.64 MB
  4. rubygem-mongo-2.5.1-2.module+el8+1692+9fb95cc1.src.rpm
    Size: 338.58 kB
  5. rubygem-mysql2-0.4.10-4.module+el8+1692+9fb95cc1.ML.1.src.rpm
    Size: 108.28 kB
  6. rubygem-pg-1.0.0-3.module+el8+1692+9fb95cc1.src.rpm
    Size: 218.84 kB
  7. ruby-2.5.9-111.module+el8+1692+d672d21d.ML.1.src.rpm
    Size: 10.94 MB

Asianux Server 8 for x86_64
  1. ruby-2.5.9-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 86.83 kB
  2. ruby-2.5.9-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 86.95 kB
  3. ruby-debugsource-2.5.9-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 3.68 MB
  4. ruby-debugsource-2.5.9-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 3.68 MB
  5. ruby-devel-2.5.9-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 126.24 kB
  6. ruby-devel-2.5.9-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 126.26 kB
  7. ruby-doc-2.5.9-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 5.33 MB
  8. rubygem-abrt-0.3.0-4.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 12.49 kB
  9. rubygem-abrt-doc-0.3.0-4.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 198.15 kB
  10. rubygem-bigdecimal-1.3.4-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 97.52 kB
  11. rubygem-bigdecimal-1.3.4-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 100.33 kB
  12. rubygem-bson-4.3.0-2.module+el8+1692+9fb95cc1.x86_64.rpm
    Size: 53.38 kB
  13. rubygem-bson-debugsource-4.3.0-2.module+el8+1692+9fb95cc1.x86_64.rpm
    Size: 19.73 kB
  14. rubygem-bson-doc-4.3.0-2.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 373.82 kB
  15. rubygem-bundler-1.16.1-4.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 351.82 kB
  16. rubygem-bundler-doc-1.16.1-4.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 1.23 MB
  17. rubygem-did_you_mean-1.2.0-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 81.45 kB
  18. rubygem-io-console-0.4.6-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 66.84 kB
  19. rubygem-io-console-0.4.6-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 67.87 kB
  20. rubygem-json-2.1.0-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 90.70 kB
  21. rubygem-json-2.1.0-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 92.12 kB
  22. rubygem-minitest-5.10.3-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 122.76 kB
  23. rubygem-mongo-2.5.1-2.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 184.40 kB
  24. rubygem-mongo-doc-2.5.1-2.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 1.20 MB
  25. rubygem-mysql2-0.4.10-4.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 44.29 kB
  26. rubygem-mysql2-debugsource-0.4.10-4.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 36.06 kB
  27. rubygem-mysql2-doc-0.4.10-4.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 275.39 kB
  28. rubygem-net-telnet-0.1.1-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 70.46 kB
  29. rubygem-openssl-2.1.2-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 189.58 kB
  30. rubygem-openssl-2.1.2-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 201.81 kB
  31. rubygem-pg-1.0.0-3.module+el8+1692+9fb95cc1.x86_64.rpm
    Size: 86.20 kB
  32. rubygem-pg-debugsource-1.0.0-3.module+el8+1692+9fb95cc1.x86_64.rpm
    Size: 81.23 kB
  33. rubygem-pg-doc-1.0.0-3.module+el8+1692+9fb95cc1.noarch.rpm
    Size: 522.80 kB
  34. rubygem-power_assert-1.1.1-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 69.54 kB
  35. rubygem-psych-3.0.2-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 95.23 kB
  36. rubygem-psych-3.0.2-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 96.58 kB
  37. rubygem-rake-12.3.3-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 141.56 kB
  38. rubygem-rdoc-6.0.1.1-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 455.97 kB
  39. rubygems-2.7.6.3-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 308.27 kB
  40. rubygems-devel-2.7.6.3-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 60.35 kB
  41. rubygem-test-unit-3.2.7-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 182.35 kB
  42. rubygem-xmlrpc-0.3.0-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 82.04 kB
  43. ruby-irb-2.5.9-111.module+el8+1692+9fb95cc1.ML.1.noarch.rpm
    Size: 102.32 kB
  44. ruby-libs-2.5.9-111.module+el8+1692+9fb95cc1.ML.1.x86_64.rpm
    Size: 2.92 MB
  45. ruby-libs-2.5.9-111.module+el8+1692+d672d21d.ML.1.i686.rpm
    Size: 3.03 MB