ruby:3.1 security, bug fix, and enhancement update

Errata ID: AXSA:2024-7629:01

Release date: Monday, March 25, 2024 - 19:22
Subject: ruby:3.1 security, bug fix, and enhancement update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (3.1).

Security Fix(es):

* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)

Bug Fix(es):

* ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
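
The affected and fixed gem versions in the CVE descriptions above can be checked against the gems a Ruby installation or application actually provides. This is an added example, not part of the advisory: `AFFECTED`, `cves_for` and `audit_installed` are hypothetical names, and it assumes each listed fixed version covers only its own release series.

```ruby
require "rubygems"

# Affected ranges transcribed from the CVE descriptions in this advisory.
# Assumption: a fixed version only covers its own release series
# (e.g. uri 0.10.0.1 fixes 0.10.0.x, so uri 0.10.1 is still affected).
AFFECTED = {
  "CVE-2021-33621" => ["cgi",  [["< 0.1.0.2"],
                                [">= 0.2.0", "< 0.2.2"],
                                [">= 0.3.0", "< 0.3.5"]]],
  "CVE-2023-28755" => ["uri",  [["< 0.10.0.1"],
                                [">= 0.10.1", "< 0.10.2"],
                                [">= 0.11.0", "< 0.11.1"],
                                [">= 0.12.0", "< 0.12.1"]]],
  "CVE-2023-36617" => ["uri",  [["< 0.10.3"],
                                [">= 0.11.0", "< 0.12.2"]]],
  "CVE-2023-28756" => ["time", [["< 0.1.1"],
                                [">= 0.2.0", "< 0.2.2"]]],
}.freeze

# Returns the CVE ids from AFFECTED that apply to gem `name` at `version`.
def cves_for(name, version)
  v = Gem::Version.new(version.to_s)
  AFFECTED.select do |_cve, (gem_name, ranges)|
    gem_name == name &&
      ranges.any? { |r| Gem::Requirement.new(*r).satisfied_by?(v) }
  end.keys
end

# Audits every gem specification RubyGems can see for this interpreter
# and returns { "name version" => [cve, ...] } for the affected ones.
def audit_installed
  names = AFFECTED.values.map(&:first).uniq
  Gem::Specification.each_with_object({}) do |spec, hits|
    next unless names.include?(spec.name)
    found = cves_for(spec.name, spec.version)
    hits["#{spec.name} #{spec.version}"] = found unless found.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_installed.each { |gem, cves| puts "#{gem}: #{cves.join(', ')}" }
end
```

Distribution packages may carry backported fixes without a change in the gem version, so for the RPMs listed in this advisory the installed package release is the authoritative check.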

Modularity name: "ruby"
Stream name: "3.1"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rubygem-abrt-0.4.0-1.module+el8+1734+c36bf0ef.src.rpm
    MD5: bc7603859ec9627e078bef7f9c8eb1fc
    SHA-256: 34477f816fcdc6421c9cc03718535fc959a2455c6ecaedfaa84afd4a1fe02ec7
    Size: 16.60 kB
  2. rubygem-mysql2-0.5.3-3.module+el8+1734+c36bf0ef.src.rpm
    MD5: a70c91cc494cf1771a18c792f9361d68
    SHA-256: 04a9e531c3b0f65d06ac785fdc091dfc66aa4e14fdcb4be5e90fb72770b2b219
    Size: 112.27 kB
  3. rubygem-pg-1.3.2-1.module+el8+1734+c36bf0ef.src.rpm
    MD5: 5adc107eae074d35a647f787528eb83d
    SHA-256: a076f6e69b760dee59e1a63702f0ced7889ae9a9ba3a86e5a1eff597a4528129
    Size: 263.15 kB
  4. ruby-3.1.4-142.module+el8+1734+c36bf0ef.src.rpm
    MD5: 2ae5869a9ec58f11fa44c28fd6388c29
    SHA-256: 0e1d67f49e3a0618ccf7413851604fee17301046531e16b569d48a34b77d6a06
    Size: 14.74 MB

Asianux Server 8 for x86_64
  1. ruby-3.1.4-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 48647c6934b137c5e7ada0361dc70f53
    SHA-256: b10801c02cebdec68342e39b5839c8dce91743353f1909cdc201fd1e7b70d2ed
    Size: 88.68 kB
  2. ruby-3.1.4-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 1349cb2cfbcf6f2a4450016488d2b22c
    SHA-256: 298c3ccf35335c82e07936bdfd61c842358c742392c68ce086ef8b665691c98a
    Size: 88.60 kB
  3. ruby-bundled-gems-3.1.4-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 1ac3660abf75920def461f40d6044d74
    SHA-256: 255c6d23e6bcc7a7a0fe33d0f6bd39141b1cbcac463aa463a53246fdcbf65c84
    Size: 223.71 kB
  4. ruby-bundled-gems-3.1.4-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 310cbdc97e534074d30eb01ebe81e1c4
    SHA-256: 42767e25b92aaed2e6808ef8248d91698b88f31b6d92f7536f6eeb40d4a14462
    Size: 223.28 kB
  5. ruby-debugsource-3.1.4-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 6a0735832906180c391837863605161b
    SHA-256: 7baa0150901867e269bce919f72959aa45fd9ded3e2575a7ec115ff0f6383cfc
    Size: 4.40 MB
  6. ruby-debugsource-3.1.4-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 4a85434189406e240af5df98370b0fed
    SHA-256: a7a8bcd2297a038f18c4c8933841749728f9c277036a63e067bbdc5c29a94ce1
    Size: 4.47 MB
  7. ruby-default-gems-3.1.4-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 04789c82b132724d49505ad2e294a8fb
    SHA-256: cef17c9bf0f333d35713a90d5a1297acf321d4ac96de903c5c5d40ae3a48cf2a
    Size: 78.08 kB
  8. ruby-devel-3.1.4-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 986a557445396ec19a6d29d7664c019e
    SHA-256: 0e015b04c72c58b7109dd07b241575ed6a9c82b52cff9dfa556adea4e565e6c3
    Size: 511.30 kB
  9. ruby-devel-3.1.4-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: a69a5e0564829f4f302070f7aee8fc60
    SHA-256: 44a59c4272d1c285dc23aa3dda5c14ff09434127b0b71ffd2308dc125046bc5e
    Size: 511.27 kB
  10. ruby-doc-3.1.4-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 1a850b4302b36f839430fd12276c072d
    SHA-256: 93b4ba4ba89818d7aeab073ebb539ce6dc59cb86ec792bae47147eb7754a9b46
    Size: 5.57 MB
  11. rubygem-abrt-0.4.0-1.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 8954ba296e6c7c7f15b45e58570b81ad
    SHA-256: d9bb2d1c3e5d1c87294bd5a1b0b22c6f9518b927a5220c1ee36ffa702d53e040
    Size: 12.54 kB
  12. rubygem-abrt-doc-0.4.0-1.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 8d083093dce3f315a59ff3ef8453e604
    SHA-256: 40b70de7e097760f62e3d932073c1f0ec783ba119bcd488946e7a518bc6657b3
    Size: 256.33 kB
  13. rubygem-bigdecimal-3.1.1-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 807c86f874d356084848f2bd80a63448
    SHA-256: 0e01a291689b45877d0575ce2243d2166275b757d7405598f4a85a8b97466749
    Size: 117.49 kB
  14. rubygem-bigdecimal-3.1.1-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 068f00184d1e71125b6f96c22fd44664
    SHA-256: 1b7d7b8798ac2921a8b5ae45299c43ac6a25d08aa51bed737bc8217aefb7b37d
    Size: 113.52 kB
  15. rubygem-bundler-2.3.26-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 201945ce363e21a0dd7e84c3308c3e45
    SHA-256: d6a075c810900072204c1ef2fb587530f3a357bc33ec6f05c02512e0fda95e07
    Size: 457.54 kB
  16. rubygem-io-console-0.5.11-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 964f2c551484904a39ca686401f8b03e
    SHA-256: 44d5db3622da4c24ca6a92b67990df1cd5c6c90372e1f0c7cb695fb8bcb41e47
    Size: 73.35 kB
  17. rubygem-io-console-0.5.11-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 1e58ea43f632f3f47d0251897c05e1ef
    SHA-256: b6cf1aa2b91269c8c10e40c9685b68732e7c58a319c614c76230cce803243235
    Size: 71.74 kB
  18. rubygem-irb-1.4.1-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 451c8e48c27e545fe77432de1b1b76c4
    SHA-256: 9624193934f12dc2203d5e7e532b6e1b158c052ac5986455f032f78f19a487b5
    Size: 126.28 kB
  19. rubygem-json-2.6.1-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 4ae75e663a6731f088df89744fbd6138
    SHA-256: 541e5731621fa91f3fb628f589abeb7a8f30052068d756895dd5e1356ea0f653
    Size: 100.35 kB
  20. rubygem-json-2.6.1-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: da45a25cc893382682960cebbc06d7bc
    SHA-256: 0572a3388f9843f05830929afc3d4d0194a8aab1ebc8c6f9d9d19a86bc7b7883
    Size: 99.37 kB
  21. rubygem-minitest-5.15.0-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: abd03eb977c91f37a656c5b1440cfcd5
    SHA-256: 955ad1d50e96826db5d75907b90ed30175ef16d6bdbc83adfc2dfb3f092ff582
    Size: 133.35 kB
  22. rubygem-mysql2-0.5.3-3.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: f573f745baa5c4847acf06a1163a7f56
    SHA-256: d8fec07e82cc765dc92bebbf23b8689a16f7792343ef9e4f135803c87cc5651a
    Size: 45.10 kB
  23. rubygem-mysql2-debugsource-0.5.3-3.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 14448c627a7202335d752ef8bcc6847a
    SHA-256: 6cba3cce933d47f4d4a8dd2cb45db86151589e3fe64dff99ca29fef0e75bbb2b
    Size: 37.12 kB
  24. rubygem-mysql2-doc-0.5.3-3.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 2b05bb34aa1c7b093c851690b378d4a3
    SHA-256: ea9410de8a1472e38ef4ba270db02fe39d70263325da685ef4bead46470c1d45
    Size: 305.57 kB
  25. rubygem-pg-1.3.2-1.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 837204a90ddab78a328f45b4d4543b94
    SHA-256: 520663a051d3ce25919e5d5381ea5224c243e78e795d25af2784078117c37c6d
    Size: 109.69 kB
  26. rubygem-pg-debugsource-1.3.2-1.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 6701d13afdaa451913d6dd5b81728e72
    SHA-256: 4372f56442dfeda9c982130878df5e8de02cc6589ad2386c8c2668ace5612108
    Size: 100.07 kB
  27. rubygem-pg-doc-1.3.2-1.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 914a24552344b64f87e5a6a0e63a60c6
    SHA-256: 5dc83c10765b3771a0a8fd528cee521302a84f6444033d7f818c19c9484e84b0
    Size: 570.65 kB
  28. rubygem-power_assert-2.0.1-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: b022594039433cc9f1600fa639cd7370
    SHA-256: bd5fc571d54539bcbedd1eea9a551b5d9aebe9c6793cdb05fc25bde65d449163
    Size: 70.21 kB
  29. rubygem-psych-4.0.4-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 0fe7d6d4f94ea680d301ce0f5060b4c7
    SHA-256: 2f7d46f03473ad28cc67e1b540beedd7061cacf0a77395d695e5e16c862db06c
    Size: 100.13 kB
  30. rubygem-psych-4.0.4-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: f44f7b1d389b5622c49a450f81101d09
    SHA-256: 2df781687c9b1d5c9da67025202b6a66bdcc0263041cb71ccb52876bce5a299c
    Size: 98.83 kB
  31. rubygem-rake-13.0.6-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 430b55d06a846a460a0b2b459630c142
    SHA-256: 025b3f6e6adff7ed6dc9af4208d12066e9bcc19de86458d87c1f6285d2d6a943
    Size: 139.33 kB
  32. rubygem-rbs-2.7.0-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 3790a26d4c9dd3116d9e9271f5e9b707
    SHA-256: 9d6b7715f14eefd312613e11c0b379c15eca3c5c85dbf56d51af326c62fbebeb
    Size: 909.38 kB
  33. rubygem-rbs-2.7.0-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: 957bbe1030e8e2bb33c5e89b7fbc933b
    SHA-256: e2e94d79f1130436d39cd687837c6eaa07d08e3b242fc039f1f640af03e13f11
    Size: 905.31 kB
  34. rubygem-rdoc-6.4.0-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 42f20d129a35fbf357a8dcec7c58a323
    SHA-256: b1883b69dbeb705b7778c703a8af5e7d0f3d0149b1919eae9c2d2599cee4a967
    Size: 517.47 kB
  35. rubygem-rexml-3.2.5-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: f9806adf6d44b6bc9b6c4e2a4dda281f
    SHA-256: b20ebddb0309192926e377aed01ee5cedb063e286c7d0e0b65f259510a18d9e6
    Size: 148.33 kB
  36. rubygem-rss-0.2.9-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 1b62b4678523ea0c3b6c234e412ce35a
    SHA-256: c0b7a7dee310c412526cd3401a42ab4bd7fa6dc873310ee382b894377fdc5756
    Size: 159.58 kB
  37. rubygems-3.3.26-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: a99ebc233b93fcaef4cd5deb0f02d352
    SHA-256: 927ae7455569eaaf3b95761f1fc7847cc28862edefef5236c7eb3f2b117b753d
    Size: 323.10 kB
  38. rubygems-devel-3.3.26-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: e50c6bc88358508b3981263dabfa4648
    SHA-256: 749b4eae96ba4d91dc88e4572148146338d04ce9519066d3e1cc98bedb563b57
    Size: 61.90 kB
  39. rubygem-test-unit-3.5.3-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: 07338ddbdd3f3170f038198133846346
    SHA-256: a090d16dc70a1a547d411503a89ca7fad50c16fed84e16c79886d11ad799faee
    Size: 146.71 kB
  40. rubygem-typeprof-0.21.3-142.module+el8+1734+c36bf0ef.noarch.rpm
    MD5: e12bb63355cad9b32112e95f1be4bad3
    SHA-256: bc679baed6dbf899d408c7aa309983616790eae25fbb6ee37ae0bd64ce7bf88a
    Size: 125.76 kB
  41. ruby-libs-3.1.4-142.module+el8+1734+c36bf0ef.i686.rpm
    MD5: 9cd12c9e655246ffb4f1836ab77de0ef
    SHA-256: 84dd2b42280c61ba57e0dee3cae1d34bb49f317ce79a85719699d2d567a4e06f
    Size: 3.35 MB
  42. ruby-libs-3.1.4-142.module+el8+1734+c36bf0ef.x86_64.rpm
    MD5: cb5b7c7e251637a83c49fd873e717b64
    SHA-256: c0bffbcd2ab7fc09c01547967d9c81d7b8c2e4a08bead7d8c5a0f2e883c1e227
    Size: 3.27 MB