ruby:2.7 security, bug fix, and enhancement update
Errata ID: AXSA:2022-3845:01
Release date:
2022/09/15 Thursday - 06:50
Title:
ruby:2.7 security, bug fix, and enhancement update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
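The following issues have been addressed.
[Security Fix]
- Date.parse in the date gem for ruby has a vulnerability that
allows a regular expression denial of service via a long string.
(CVE-2021-41817)
- CGI::Cookie.parse in ruby has a vulnerability in which it
mishandles cookie name prefixes. (CVE-2021-41819)
- The Kernel#Float and String#to_f methods in ruby have a buffer
over-read issue, resulting in a vulnerability that allows attacks
such as denial of service by crash via String-to-Float
conversion. (CVE-2022-28739)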
Modularity name: ruby
Stream name: 2.7
Solution:
Update the packages.
CVE:
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2022-28739
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
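As an added example (not part of the Asianux advisory or of Ruby itself), the fixed-release lists quoted above for CVE-2021-41817 and CVE-2022-28739 can be turned into an upstream version check. The names FIXED, affected? and open_cves are hypothetical, and treating major.minor as the release branch is an assumption; CVE-2021-41819 is left out because the text gives no fixed release for it.

```ruby
require "rubygems" # Gem::Version; loaded by default, required here for clarity

# Fixed releases per branch, copied from the CVE text in this advisory.
FIXED = {
  "CVE-2021-41817" => { component: :date_gem, fixed: %w[2.0.1 3.0.2 3.1.2 3.2.1] },
  "CVE-2022-28739" => { component: :ruby,     fixed: %w[2.6.10 2.7.6 3.0.4 3.1.2] },
}.freeze

# True when `version` predates the fix for its own branch.
# Assumption: a branch is identified by major.minor. A version on a branch
# with no listed fix is compared against the newest fixed release, which
# errs on the side of reporting it as affected.
def affected?(version, fixed_list)
  v = Gem::Version.new(version)
  fixes = fixed_list.map { |f| Gem::Version.new(f) }
  same_branch = fixes.find { |f| f.segments.first(2) == v.segments.first(2) }
  v < (same_branch || fixes.max)
end

# versions: { ruby: "x.y.z", date_gem: "x.y.z" }; returns the CVE ids still open.
# Components missing from the hash are skipped rather than guessed.
def open_cves(versions)
  FIXED.select do |_cve, info|
    ver = versions[info[:component]]
    ver && affected?(ver, info[:fixed])
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory, not taken from the advisory.
  sample = { ruby: "2.7.5", date_gem: "3.0.1" }
  puts "open for #{sample}: #{open_cves(sample).join(', ')}"
  puts "running interpreter #{RUBY_VERSION}: #{open_cves(ruby: RUBY_VERSION).inspect}"
end
```

Distribution packages may carry backported fixes under an older upstream version string, so for RPM-installed Ruby the errata package version is the authoritative check.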
Additional information:
N/A
Downloads:
SRPMS
- rubygem-abrt-0.4.0-1.module+el8+1523+b0848be9.src.rpm (Size: 16.60 kB)
- rubygem-bson-4.8.1-1.module+el8+1523+b0848be9.src.rpm (Size: 130.25 kB)
- rubygem-mongo-2.11.3-1.module+el8+1523+b0848be9.src.rpm (Size: 648.32 kB)
- rubygem-mysql2-0.5.3-1.module+el8+1523+b0848be9.src.rpm (Size: 109.12 kB)
- rubygem-pg-1.2.3-1.module+el8+1523+b0848be9.src.rpm (Size: 201.27 kB)
- ruby-2.7.6-138.module+el8+1523+b0848be9.ML.1.src.rpm (Size: 40.08 MB)
Asianux Server 8 for x86_64
- rubygem-abrt-0.4.0-1.module+el8+1523+b0848be9.noarch.rpm (Size: 12.54 kB)
- rubygem-abrt-doc-0.4.0-1.module+el8+1523+b0848be9.noarch.rpm (Size: 198.13 kB)
- rubygem-bson-4.8.1-1.module+el8+1523+b0848be9.x86_64.rpm (Size: 66.18 kB)
- rubygem-bson-debugsource-4.8.1-1.module+el8+1523+b0848be9.x86_64.rpm (Size: 24.86 kB)
- rubygem-bson-doc-4.8.1-1.module+el8+1523+b0848be9.noarch.rpm (Size: 421.53 kB)
- rubygem-mongo-2.11.3-1.module+el8+1523+b0848be9.noarch.rpm (Size: 296.84 kB)
- rubygem-mongo-doc-2.11.3-1.module+el8+1523+b0848be9.noarch.rpm (Size: 1.65 MB)
- rubygem-mysql2-0.5.3-1.module+el8+1523+b0848be9.x86_64.rpm (Size: 46.54 kB)
- rubygem-mysql2-debugsource-0.5.3-1.module+el8+1523+b0848be9.x86_64.rpm (Size: 36.70 kB)
- rubygem-mysql2-doc-0.5.3-1.module+el8+1523+b0848be9.noarch.rpm (Size: 247.16 kB)
- rubygem-pg-1.2.3-1.module+el8+1523+b0848be9.x86_64.rpm (Size: 99.85 kB)
- rubygem-pg-debugsource-1.2.3-1.module+el8+1523+b0848be9.x86_64.rpm (Size: 98.09 kB)
- rubygem-pg-doc-1.2.3-1.module+el8+1523+b0848be9.noarch.rpm (Size: 525.95 kB)
- ruby-2.7.6-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 88.06 kB)
- ruby-debugsource-2.7.6-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 3.93 MB)
- ruby-default-gems-2.7.6-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 72.85 kB)
- ruby-devel-2.7.6-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 261.40 kB)
- ruby-doc-2.7.6-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 6.45 MB)
- rubygem-bigdecimal-2.0.0-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 100.11 kB)
- rubygem-bundler-2.2.24-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 443.73 kB)
- rubygem-io-console-0.5.6-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 70.75 kB)
- rubygem-irb-1.2.6-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 115.54 kB)
- rubygem-json-2.3.0-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 92.31 kB)
- rubygem-minitest-5.13.0-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 129.72 kB)
- rubygem-net-telnet-0.2.0-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 71.01 kB)
- rubygem-openssl-2.1.3-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 196.93 kB)
- rubygem-power_assert-1.1.7-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 70.37 kB)
- rubygem-psych-3.1.0-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 96.43 kB)
- rubygem-rake-13.0.1-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 142.05 kB)
- rubygem-rdoc-6.2.1.1-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 454.04 kB)
- rubygems-3.1.6-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 307.82 kB)
- rubygems-devel-3.1.6-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 60.77 kB)
- rubygem-test-unit-3.3.4-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 185.96 kB)
- rubygem-xmlrpc-0.3.0-138.module+el8+1523+b0848be9.ML.1.noarch.rpm (Size: 82.49 kB)
- ruby-libs-2.7.6-138.module+el8+1523+b0848be9.ML.1.x86_64.rpm (Size: 3.19 MB)
- ruby-2.7.6-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 88.16 kB)
- ruby-debugsource-2.7.6-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 3.93 MB)
- ruby-devel-2.7.6-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 260.97 kB)
- rubygem-bigdecimal-2.0.0-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 103.36 kB)
- rubygem-io-console-0.5.6-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 72.47 kB)
- rubygem-json-2.3.0-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 93.91 kB)
- rubygem-openssl-2.1.3-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 209.07 kB)
- rubygem-psych-3.1.0-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 97.84 kB)
- ruby-libs-2.7.6-138.module+el8+1523+b0848be9.ML.1.i686.rpm (Size: 3.31 MB)