ruby:2.5 security update
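Errata ID: AXSA:2024-7342:01
The following issues have been addressed.
[Security Fix]
- The cgi gem for Ruby does not properly validate input, which allows a remote attacker to perform HTTP response splitting attacks through applications that generate HTTP responses or CGI::Cookie objects from untrusted user input. (CVE-2021-33621)
- The Kernel#Float and String#to_f methods in Ruby have a buffer over-read issue, which allows attacks such as denial of service through a crash via conversion from String to Float. (CVE-2022-28739)
- The URI component of Ruby consumes a large amount of CPU resources because of a flaw in handling invalid URLs that contain specific characters, which allows a remote attacker to perform a regular expression denial of service (ReDoS) attack through crafted URL input. (CVE-2023-28755)
- The Time parser in the Time component of Ruby consumes a large amount of CPU resources because of a flaw in handling invalid URLs that contain specific characters, which allows a remote attacker to perform a regular expression denial of service (ReDoS) attack through crafted URL input. (CVE-2023-28756)
Modularity name: ruby
Stream name: 2.5
Please update the packages.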
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
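An added example (not part of the advisory or of the Ruby project's code): a version check built from the fixed versions quoted above. `FIXED`, `patched?`, `audit` and `installed_versions` are hypothetical names, and the check assumes a release is fixed when it is on the same branch as a listed fixed version and at least that version, or at or above the newest listed fix; anything else is flagged for review.

```ruby
require "rubygems"

# Fixed versions exactly as quoted in the CVE descriptions above.
FIXED = {
  "cgi"  => { cve: "CVE-2021-33621", fixed: %w[0.1.0.2 0.2.2 0.3.5] },
  "ruby" => { cve: "CVE-2022-28739", fixed: %w[2.6.10 2.7.6 3.0.4 3.1.2] },
  "uri"  => { cve: "CVE-2023-28755", fixed: %w[0.10.0.1 0.10.2 0.11.1 0.12.1] },
  "time" => { cve: "CVE-2023-28756", fixed: %w[0.1.1 0.2.2] },
}.freeze

# True when `version` carries the fix for `name`.
# "~> F" is RubyGems' pessimistic constraint: >= F and below the next
# branch (for example "~> 0.10.0.1" means >= 0.10.0.1 and < 0.10.1).
def patched?(name, version)
  v = Gem::Version.new(version)
  fixed = FIXED.fetch(name)[:fixed].map { |f| Gem::Version.new(f) }
  return true if v >= fixed.max

  fixed.any? { |f| Gem::Requirement.new("~> #{f}").satisfied_by?(v) }
end

# Takes { "name" => "version" } and returns one finding per unpatched entry.
# Components the advisory does not mention are ignored.
def audit(installed)
  installed.select { |name, _| FIXED.key?(name) }
           .reject { |name, ver| patched?(name, ver) }
           .map { |name, ver| "#{name} #{ver}: #{FIXED[name][:cve]}" }
end

# Collects the running interpreter version and the newest installed copy
# of each gem named in the advisory (gems that are not installed are skipped).
def installed_versions
  found = { "ruby" => RUBY_VERSION }
  %w[cgi uri time].each do |gem_name|
    spec = Gem::Specification.find_all_by_name(gem_name).max_by(&:version)
    found[gem_name] = spec.version.to_s if spec
  end
  found
end

puts audit(installed_versions) if $PROGRAM_NAME == __FILE__
```

On distributions that backport fixes, as this errata does for ruby 2.5.9, the upstream version numbers do not change, so the package release named in the errata is the authoritative check there.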
SRPMS
Asianux Server 8 for x86_64