ruby:2.7 security, bug fix, and enhancement update

エラータID: AXSA:2023-6217:01

リリース日: 
2023/07/10 Monday - 03:59
題名: 
ruby:2.7 security, bug fix, and enhancement update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- Ruby の cgi gem には、入力の検証が適切でない問題があるため、
リモートの攻撃者により、信頼できないユーザーの入力から HTTP
レスポンスまたは CGI::Cookie オブジェクトを生成するアプリケー
ションを介して、HTTP レスポンス分割攻撃を可能とする脆弱性が
存在します。(CVE-2021-33621)

- Ruby の URI コンポーネントには、特定の文字を含む無効な URL を
処理する際の不具合に起因して CPU リソースを多く消費してしまう
問題があるため、リモートの攻撃者により、細工された URL の入力を
介して、正規表現によるサービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2023-28755)

- Ruby の Time コンポーネントの Time パーサーには、特定の文字を
含む無効な URL を処理する際の不具合に起因して CPU リソースを多く
消費してしまう問題があるため、リモートの攻撃者により、細工された
URL の入力を介して、正規表現によるサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2023-28756)

Modularity name: ruby
Stream name: 2.7

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rubygem-abrt-0.4.0-1.module+el8+1645+4a87a218.src.rpm
    MD5: 9407f72921a82f8bb71d92230a176fe9
    SHA-256: d545cdf29f444a202324ea2167c181ad28570cda012e062a4fe56234f848d4a6
    Size: 16.61 kB
  2. rubygem-bson-4.8.1-1.module+el8+1645+4a87a218.src.rpm
    MD5: f9a0a7a2d9a9e5a6295a943a8a9f66e2
    SHA-256: 473167dd5ddbb882b80f0ffaeb2b4fa47d45d50ddd72e13cd980b728c5362723
    Size: 130.25 kB
  3. rubygem-mongo-2.11.3-1.module+el8+1645+4a87a218.src.rpm
    MD5: cac6b8d0960cbcaea577f815241db6fb
    SHA-256: 4b6c6ae14aa47cf7cb0f90d1ce2c118100b91856a2bf21c3c97f632b3160969b
    Size: 648.32 kB
  4. rubygem-mysql2-0.5.3-1.module+el8+1645+4a87a218.src.rpm
    MD5: 34993ebbe57bc769284833b19aebb654
    SHA-256: 719090f5a7a4c3404fa4ecf7d6f5703ebd090228f4043d60e9ee9752dd97ca03
    Size: 109.11 kB
  5. rubygem-pg-1.2.3-1.module+el8+1645+4a87a218.src.rpm
    MD5: 0d02baebc83bae1cae4f5e85c6b25084
    SHA-256: 5d604217f101ea7f6b6d055b66002d2eae1373ee53ead513777c17cf30f9aed9
    Size: 201.27 kB
  6. ruby-2.7.8-139.module+el8+1645+4a87a218.src.rpm
    MD5: 6216acabbae01bbf96b33b6a880fd997
    SHA-256: 22ebc56930371ef1d9f8ca1a0be266bce2bb2c605967cf86d60fb131b7353cce
    Size: 40.10 MB

Asianux Server 8 for x86_64
  1. ruby-2.7.8-139.module+el8+1645+4a87a218.i686.rpm
    MD5: 7795a98bf647b5715659e27a2f068195
    SHA-256: 6abf1a7c6e113bde00f1da76b6988f226a170e4710e7893c624c1869e7198d53
    Size: 88.25 kB
  2. ruby-2.7.8-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 71d7aed07c056d4a9e694779fecff22b
    SHA-256: 46ddaa22e7f219f1b7ca9732f8cee053d107557e1e3aeefcefbe21b8d4e519a5
    Size: 88.15 kB
  3. ruby-debugsource-2.7.8-139.module+el8+1645+4a87a218.i686.rpm
    MD5: fac9e7554c87cfcf89f9315520aed637
    SHA-256: 8c1c6b346218f23749782e1394b8421fe4b87f2f8bc83a64b5d44f9d93026b58
    Size: 3.95 MB
  4. ruby-debugsource-2.7.8-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 3e5a51841cddb1bb71f68ec7ba0d1b42
    SHA-256: 35dd9c3a9157833abd5c7e4b8b70f944a565477199cda372159506d8b289f1f9
    Size: 3.95 MB
  5. ruby-default-gems-2.7.8-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 95f210d980294cc3d8aa3287d422555a
    SHA-256: 562bb067dbda954e16d1c485bc2ce5d960181a3a15108b74b66e443e651b6d06
    Size: 72.94 kB
  6. ruby-devel-2.7.8-139.module+el8+1645+4a87a218.i686.rpm
    MD5: a005d481d47676da7dbc23cf81134fbb
    SHA-256: a8317448826282e9e866c151ab475bcae4d2c0fea3cd1b172ab143b3e3adc05a
    Size: 261.69 kB
  7. ruby-devel-2.7.8-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 5c922becc6a9fe470d38b54b3aefb989
    SHA-256: 79ef38b41e4953afe7b8bb462cf9c1dc7e95ff40ffa6fdab6af91809e8bc04bd
    Size: 262.13 kB
  8. ruby-doc-2.7.8-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 2e14871daed6b2e0945ea319cffd44b9
    SHA-256: 6d81e5a2a02cea9d935658dee44605a84826dd911c86382484b6d473f1566e33
    Size: 6.45 MB
  9. rubygem-abrt-0.4.0-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: 9fb251b1241c66c69701599f1b606532
    SHA-256: c95f8dc3eb97501632bbf7be2cdf144834c1f2aaf21afcf898b5b507e4bfcd4e
    Size: 12.54 kB
  10. rubygem-abrt-doc-0.4.0-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: 913c2d91c79c49fc804cf837a53dcaab
    SHA-256: f8439d9b640bdd91dc6b2cd4519a825d3f802a57f43d3aec45f7180e76b9c457
    Size: 198.13 kB
  11. rubygem-bigdecimal-2.0.0-139.module+el8+1645+4a87a218.i686.rpm
    MD5: 16c819fd19a98e92c6d5ae5498ba13aa
    SHA-256: b19478b7677898a6e4ac5097178cac78b68f640a8d09c8b0cac546c9a830a323
    Size: 103.36 kB
  12. rubygem-bigdecimal-2.0.0-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 6a2633fc83f51e3c7920710f74dff7a7
    SHA-256: 92a2730880feb1c3b32b0084ed5a01aad3f6cf5c1a5a52119632cb14fb6a7217
    Size: 100.04 kB
  13. rubygem-bson-4.8.1-1.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 4ee3099ebc8e110566ea32e9adc6836e
    SHA-256: 7f478ec953710bce4277e8021ef2039aff485cdd437fa6f9900f3c24c4d7dfbb
    Size: 66.18 kB
  14. rubygem-bson-debugsource-4.8.1-1.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 05197e3db12bfd7081edd1b263674768
    SHA-256: 71e829a9931870ba0b0db2481d9b0e51eecbb15ad714ce947012b5fdf8477c06
    Size: 24.86 kB
  15. rubygem-bson-doc-4.8.1-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: d4004fb9697ff862e18d70f7f8d6f30a
    SHA-256: 24f92b1cc22172ee59e63b4e20fabbe5ad58950c4ffceefc93f4491e0eb40614
    Size: 421.56 kB
  16. rubygem-bundler-2.2.24-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 16917fccd991bc0375fbf410a1cf3e1f
    SHA-256: 03ee29a9e8dd93f1e20478c6bd0da729c17a9b6543f7cffe5224dcf69362b032
    Size: 443.83 kB
  17. rubygem-io-console-0.5.6-139.module+el8+1645+4a87a218.i686.rpm
    MD5: 35f2fc826375ecae8963d73fae0b3a55
    SHA-256: 85613a5838d9910ecbd4d7030339b50277e166f489dbfbbc84eed32e18398fd1
    Size: 72.56 kB
  18. rubygem-io-console-0.5.6-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 25903630b5bd48c159c1244d99e8c693
    SHA-256: 0ba43d0850d6631171d11693cacfcbda47d70ca743e3b35b81506a0134c0fbea
    Size: 70.92 kB
  19. rubygem-irb-1.2.6-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: c194bf30d20740d83394d064c069fd78
    SHA-256: 391acd8ae1daffe4c19c01a5aff40dc9eefd7d5a7c347c47878c83d0dff8d8ac
    Size: 115.62 kB
  20. rubygem-json-2.3.0-139.module+el8+1645+4a87a218.i686.rpm
    MD5: 3d86e34e47ad2106c08ab6a0c7de0f6a
    SHA-256: c93dc2976a512c8ba514b06494858204964dfebe3cc41099692aeeca5bbaa432
    Size: 94.00 kB
  21. rubygem-json-2.3.0-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: a2e4962673eb2f110d01948cebfc3dc9
    SHA-256: f3561d7f16391ae3d34f81a1b06b833ae9ba543fd3cf948ea603cb4821d0f94d
    Size: 92.47 kB
  22. rubygem-minitest-5.13.0-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 629207d08682c6f940d21880cf1ce564
    SHA-256: 45fa521f30a5ca3d0b67955c32139549328535289ef4ccb8db1fd68d880826cd
    Size: 129.83 kB
  23. rubygem-mongo-2.11.3-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: e90c5dd451f9d03bb397319a7f3edb64
    SHA-256: a05739a65733345fddae04ec94a4e76f20da992fd5dcfc9116d9deacc4eb7a0c
    Size: 296.85 kB
  24. rubygem-mongo-doc-2.11.3-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: 42f7535747a98d68fc8c24e40d2990ca
    SHA-256: 0e6b597bcf5332ffeb60ed610c8db883c4282bfe94bff180cdb75330aa294cc0
    Size: 1.65 MB
  25. rubygem-mysql2-0.5.3-1.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 22b96cd59e8bf037cee813d807cbcc38
    SHA-256: 28dc164dda865ac568310fb30458c2bd1b9764d4a7a0edae0d657d03019e3d7b
    Size: 46.53 kB
  26. rubygem-mysql2-debugsource-0.5.3-1.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 1bf87995fe99badf702f8166418c483e
    SHA-256: 81ab2a8abe716a20c5ebb90ba3fd57afdb886f6efe93cf14238c72c494f069b3
    Size: 36.70 kB
  27. rubygem-mysql2-doc-0.5.3-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: 254b9802e664d4ebacf916f489c131c9
    SHA-256: 6412e68cd5c6b40cb9487c9525712dd8777c441a85196305e075e52ac42d5fbd
    Size: 247.18 kB
  28. rubygem-net-telnet-0.2.0-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: e7c26d946534157f5c025718d33d6dec
    SHA-256: 584836c61376fa5be8a281769ad8d61af119e7349b623e236430a25dc97e41a2
    Size: 71.11 kB
  29. rubygem-openssl-2.1.4-139.module+el8+1645+4a87a218.i686.rpm
    MD5: d210ef236dae5ebeab86b4d86d0784cb
    SHA-256: 162fce2f99cea17be512f64e931bd27f06edf1f0718177a0ea977fefe10dc19b
    Size: 209.24 kB
  30. rubygem-openssl-2.1.4-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 2095e9af2fbb7630ae7bc16fa1592109
    SHA-256: 0b7586265afd533b130114dc0c5a97d765169573f77878d8ae36239b71153080
    Size: 196.94 kB
  31. rubygem-pg-1.2.3-1.module+el8+1645+4a87a218.x86_64.rpm
    MD5: b94b7dd3f0cf03b0dc41543549970082
    SHA-256: 194e63b37d02132e9088639a5a04e711b21820db9781e1cdcdedd8a37a3fd18c
    Size: 99.84 kB
  32. rubygem-pg-debugsource-1.2.3-1.module+el8+1645+4a87a218.x86_64.rpm
    MD5: a32744e3b35487ac3e31f61c7a04bf1b
    SHA-256: 951ba15928e91723350fb2b11ed4b4484cd2e0831747859ebbdacda2b716c9e4
    Size: 98.10 kB
  33. rubygem-pg-doc-1.2.3-1.module+el8+1645+4a87a218.noarch.rpm
    MD5: 5a00dd6d51be61f5e56fcc187787df81
    SHA-256: aa752329216eb5f818f875585129e845d49df8b9eff0841837271a6b15b5fcdb
    Size: 526.01 kB
  34. rubygem-power_assert-1.1.7-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 507a9c4b99861a7d5847d28707a163de
    SHA-256: c1f066c431fdb04af8365359fd926f30431c3bfb3aecda521542571fb64a60c3
    Size: 70.47 kB
  35. rubygem-psych-3.1.0-139.module+el8+1645+4a87a218.i686.rpm
    MD5: 1e71529b0c4048cf9c39a4fc4920f38e
    SHA-256: 62b62a0ede85f5841595ada57616e13eb94d21f74072314d1a7f23c7934dc609
    Size: 97.94 kB
  36. rubygem-psych-3.1.0-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: 210768744e1787e97a7008b14ce6c7a4
    SHA-256: d319d561e6188dfaeaef2f3d83bdd37050d7b2cff8993d89943d0d67730e4fff
    Size: 96.43 kB
  37. rubygem-rake-13.0.1-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 0946b84851b607d866aa28683df39247
    SHA-256: 920bf8cf136ccf3c75380b3d370da42fb5c71ae9e36173702174881431876bed
    Size: 142.13 kB
  38. rubygem-rdoc-6.2.1.1-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: c95583f016e466005b1b21261806aa37
    SHA-256: cfd45afe77bdac44efc418c76d31c6df7d3f3c7adc7d8b846b52c3247eee1ccd
    Size: 454.13 kB
  39. rubygems-3.1.6-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: eb20df9c8593a1bf50694c299e264909
    SHA-256: c3c0234141ca9ca652af6cba4daae37582b2c20d4e1946c84d27ed26d5e5d9e3
    Size: 307.89 kB
  40. rubygems-devel-3.1.6-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 7e56bc67573f62a73c24b4680cd280b4
    SHA-256: 6deaeca6ca9183a600ceebef6a59df229ec6485c71ff9c0d1776544fae38db6d
    Size: 60.87 kB
  41. rubygem-test-unit-3.3.4-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: 44e34712f1ee97c75b9fedd5c1e941aa
    SHA-256: 1b6344254cad23f1e577255fffbfbb23d6be6824ccd767f31cb68a4b3816aebd
    Size: 186.06 kB
  42. rubygem-xmlrpc-0.3.0-139.module+el8+1645+4a87a218.noarch.rpm
    MD5: a66c4d92926c64ddeb273b232f1c3584
    SHA-256: 318d3560a93fefaef744e13142d64d978b942cb1a7429e178331a8d6562c68b4
    Size: 82.60 kB
  43. ruby-libs-2.7.8-139.module+el8+1645+4a87a218.i686.rpm
    MD5: 9ffc179c67185fdfe3553cd198f97dc1
    SHA-256: caf79045ac4037c2735683d3d20fb44f9ac17423e95ea8722b68f9692ca530b1
    Size: 3.31 MB
  44. ruby-libs-2.7.8-139.module+el8+1645+4a87a218.x86_64.rpm
    MD5: c1477ff51ade0b99a9c8290673f34dd0
    SHA-256: 06954c6970440a999a6893530ae112cdc08125772aa2edd80c1189a6a68b40d9
    Size: 3.19 MB