ruby:3.1 security, bug fix, and enhancement update

Errata ID: AXSA:2024-7662:01

Release date: Monday, April 8, 2024 - 19:00
Subject: ruby:3.1 security, bug fix, and enhancement update
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (3.1).

Security Fix(es):

* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)

Bug Fix(es):

* ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (RHEL-29048)
* ruby: Ruby cannot read private key in FIPS mode on RHEL 9 (RHEL-12437)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.

Modularity name: "ruby"
Stream name: "3.1"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rubygem-mysql2-0.5.4-1.module+el9+1031+a2878962.ML.1.src.rpm
    Size: 113.20 kB
  2. rubygem-pg-1.3.5-1.module+el9+1031+a2878962.src.rpm
    Size: 263.16 kB
  3. ruby-3.1.4-143.module+el9+1031+a2878962.src.rpm
    Size: 14.70 MB

Asianux Server 9 for x86_64
  1. ruby-3.1.4-143.module+el9+1031+a2878962.i686.rpm
    Size: 37.93 kB
  2. ruby-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 37.81 kB
  3. ruby-bundled-gems-3.1.4-143.module+el9+1031+a2878962.i686.rpm
    Size: 162.90 kB
  4. ruby-bundled-gems-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 162.36 kB
  5. ruby-debugsource-3.1.4-143.module+el9+1031+a2878962.i686.rpm
    Size: 3.52 MB
  6. ruby-debugsource-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 3.58 MB
  7. ruby-default-gems-3.1.4-143.module+el9+1031+a2878962.noarch.rpm
    Size: 27.16 kB
  8. ruby-devel-3.1.4-143.module+el9+1031+a2878962.i686.rpm
    Size: 413.99 kB
  9. ruby-devel-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 414.00 kB
  10. ruby-doc-3.1.4-143.module+el9+1031+a2878962.noarch.rpm
    Size: 4.99 MB
  11. rubygem-bigdecimal-3.1.1-143.module+el9+1031+a2878962.i686.rpm
    Size: 69.94 kB
  12. rubygem-bigdecimal-3.1.1-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 65.53 kB
  13. rubygem-bundler-2.3.26-143.module+el9+1031+a2878962.noarch.rpm
    Size: 376.87 kB
  14. rubygem-io-console-0.5.11-143.module+el9+1031+a2878962.i686.rpm
    Size: 23.49 kB
  15. rubygem-io-console-0.5.11-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 21.66 kB
  16. rubygem-irb-1.4.1-143.module+el9+1031+a2878962.noarch.rpm
    Size: 66.28 kB
  17. rubygem-json-2.6.1-143.module+el9+1031+a2878962.i686.rpm
    Size: 51.88 kB
  18. rubygem-json-2.6.1-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 50.13 kB
  19. rubygem-minitest-5.15.0-143.module+el9+1031+a2878962.noarch.rpm
    Size: 79.00 kB
  20. rubygem-mysql2-0.5.4-1.module+el9+1031+a2878962.ML.1.x86_64.rpm
    Size: 47.24 kB
  21. rubygem-mysql2-debugsource-0.5.4-1.module+el9+1031+a2878962.ML.1.x86_64.rpm
    Size: 34.90 kB
  22. rubygem-mysql2-doc-0.5.4-1.module+el9+1031+a2878962.ML.1.noarch.rpm
    Size: 311.97 kB
  23. rubygem-pg-1.3.5-1.module+el9+1031+a2878962.x86_64.rpm
    Size: 110.56 kB
  24. rubygem-pg-debugsource-1.3.5-1.module+el9+1031+a2878962.x86_64.rpm
    Size: 90.87 kB
  25. rubygem-pg-doc-1.3.5-1.module+el9+1031+a2878962.noarch.rpm
    Size: 557.00 kB
  26. rubygem-power_assert-2.0.1-143.module+el9+1031+a2878962.noarch.rpm
    Size: 19.51 kB
  27. rubygem-psych-4.0.4-143.module+el9+1031+a2878962.i686.rpm
    Size: 48.89 kB
  28. rubygem-psych-4.0.4-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 47.67 kB
  29. rubygem-rake-13.0.6-143.module+el9+1031+a2878962.noarch.rpm
    Size: 84.90 kB
  30. rubygem-rbs-2.7.0-143.module+el9+1031+a2878962.i686.rpm
    Size: 775.59 kB
  31. rubygem-rbs-2.7.0-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 771.50 kB
  32. rubygem-rdoc-6.4.0-143.module+el9+1031+a2878962.noarch.rpm
    Size: 458.06 kB
  33. rubygem-rexml-3.2.5-143.module+el9+1031+a2878962.noarch.rpm
    Size: 91.51 kB
  34. rubygem-rss-0.2.9-143.module+el9+1031+a2878962.noarch.rpm
    Size: 99.29 kB
  35. rubygems-3.3.26-143.module+el9+1031+a2878962.noarch.rpm
    Size: 249.14 kB
  36. rubygems-devel-3.3.26-143.module+el9+1031+a2878962.noarch.rpm
    Size: 11.34 kB
  37. rubygem-test-unit-3.5.3-143.module+el9+1031+a2878962.noarch.rpm
    Size: 91.25 kB
  38. rubygem-typeprof-0.21.3-143.module+el9+1031+a2878962.noarch.rpm
    Size: 69.60 kB
  39. ruby-libs-3.1.4-143.module+el9+1031+a2878962.i686.rpm
    Size: 3.26 MB
  40. ruby-libs-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
    Size: 3.22 MB