ruby:3.1 security, bug fix, and enhancement update
Errata ID: AXSA:2024-7662:01
The following issues have been addressed.
[Security Fix]
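- The Ruby cgi gem does not validate input properly, so a
vulnerability exists that allows a remote attacker to carry
out an HTTP response splitting attack through an application
that generates an HTTP response or a CGI::Cookie object
from untrusted user input.
(CVE-2021-33621)
- The Ruby URI component consumes a large amount of CPU
resources because of a flaw in how it processes invalid URLs
that contain specific characters, so a vulnerability exists
that allows a remote attacker to carry out a regular expression
denial of service (ReDoS) attack through crafted URL input.
(CVE-2023-28755)
- The Time parser of the Ruby Time component consumes a large
amount of CPU resources because of a flaw in how it processes
invalid URLs that contain specific characters, so a vulnerability
exists that allows a remote attacker to carry out a regular expression
denial of service (ReDoS) attack through crafted URL input.
(CVE-2023-28756)
- The Ruby URI component consumes a large amount of CPU
resources because of a flaw in how it processes invalid URLs
that contain specific characters, so a vulnerability exists
that allows a remote attacker to carry out a regular expression
denial of service (ReDoS) attack through crafted URL input.
(CVE-2023-36617)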
Modularity name: ruby
Stream name: 3.1
Update the packages.
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
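A version check built from the fixed releases named in the descriptions above, as an added example that is not part of the original advisory. The constant and function names are assumptions, as is the rule that a release series with no listed fix is compared against the newest fixed release.

```ruby
require "rubygems"

# Fixed releases per gem, copied from the CVE descriptions in this advisory.
FIXED_RELEASES = {
  "cgi"  => %w[0.1.0.2 0.2.2 0.3.5], # CVE-2021-33621
  "uri"  => %w[0.10.3 0.12.2],       # CVE-2023-36617 (completes CVE-2023-28755)
  "time" => %w[0.1.1 0.2.2]          # CVE-2023-28756
}.transform_values { |list| list.map { |v| Gem::Version.new(v) }.sort }.freeze

# Release series of a version, e.g. [0, 3] for 0.3.5.
def release_series(version)
  version.segments.first(2)
end

# :patched, :vulnerable, or :unknown when the advisory does not cover the gem.
def advisory_status(gem_name, version_string)
  fixes = FIXED_RELEASES[gem_name]
  return :unknown if fixes.nil?

  version = Gem::Version.new(version_string)
  in_series = fixes.find { |fix| release_series(fix) == release_series(version) }
  # Assumption: a series with no listed fix is held to the newest fixed release.
  version >= (in_series || fixes.last) ? :patched : :vulnerable
end

# Versions of the covered gems visible to this interpreter.
def installed_versions
  FIXED_RELEASES.keys.to_h do |name|
    [name, Gem::Specification.find_all_by_name(name).map { |spec| spec.version.to_s }]
  end
end

# Audits a {gem name => [version strings]} inventory; returns only the findings.
def vulnerable_gems(inventory)
  inventory.flat_map do |name, versions|
    versions.select { |v| advisory_status(name, v) == :vulnerable }.map { |v| "#{name} #{v}" }
  end
end

if $PROGRAM_NAME == __FILE__
  findings = vulnerable_gems(installed_versions)
  puts findings.empty? ? "no vulnerable cgi/uri/time gems found" : findings
end
```

Distribution packages can carry a backported fix without a change in the gem version, so on a packaged Ruby the RPM release is the authoritative check.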
SRPMS
- rubygem-mysql2-0.5.4-1.module+el9+1031+a2878962.ML.1.src.rpm
Size: 113.20 kB
- rubygem-pg-1.3.5-1.module+el9+1031+a2878962.src.rpm
Size: 263.16 kB
- ruby-3.1.4-143.module+el9+1031+a2878962.src.rpm
Size: 14.70 MB
Asianux Server 9 for x86_64
- ruby-3.1.4-143.module+el9+1031+a2878962.i686.rpm
Size: 37.93 kB
- ruby-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
Size: 37.81 kB
- ruby-bundled-gems-3.1.4-143.module+el9+1031+a2878962.i686.rpm
Size: 162.90 kB
- ruby-bundled-gems-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
Size: 162.36 kB
- ruby-debugsource-3.1.4-143.module+el9+1031+a2878962.i686.rpm
Size: 3.52 MB
- ruby-debugsource-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
Size: 3.58 MB
- ruby-default-gems-3.1.4-143.module+el9+1031+a2878962.noarch.rpm
Size: 27.16 kB
- ruby-devel-3.1.4-143.module+el9+1031+a2878962.i686.rpm
Size: 413.99 kB
- ruby-devel-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
Size: 414.00 kB
- ruby-doc-3.1.4-143.module+el9+1031+a2878962.noarch.rpm
Size: 4.99 MB
- rubygem-bigdecimal-3.1.1-143.module+el9+1031+a2878962.i686.rpm
Size: 69.94 kB
- rubygem-bigdecimal-3.1.1-143.module+el9+1031+a2878962.x86_64.rpm
Size: 65.53 kB
- rubygem-bundler-2.3.26-143.module+el9+1031+a2878962.noarch.rpm
Size: 376.87 kB
- rubygem-io-console-0.5.11-143.module+el9+1031+a2878962.i686.rpm
Size: 23.49 kB
- rubygem-io-console-0.5.11-143.module+el9+1031+a2878962.x86_64.rpm
Size: 21.66 kB
- rubygem-irb-1.4.1-143.module+el9+1031+a2878962.noarch.rpm
Size: 66.28 kB
- rubygem-json-2.6.1-143.module+el9+1031+a2878962.i686.rpm
Size: 51.88 kB
- rubygem-json-2.6.1-143.module+el9+1031+a2878962.x86_64.rpm
Size: 50.13 kB
- rubygem-minitest-5.15.0-143.module+el9+1031+a2878962.noarch.rpm
Size: 79.00 kB
- rubygem-mysql2-0.5.4-1.module+el9+1031+a2878962.ML.1.x86_64.rpm
Size: 47.24 kB
- rubygem-mysql2-debugsource-0.5.4-1.module+el9+1031+a2878962.ML.1.x86_64.rpm
Size: 34.90 kB
- rubygem-mysql2-doc-0.5.4-1.module+el9+1031+a2878962.ML.1.noarch.rpm
Size: 311.97 kB
- rubygem-pg-1.3.5-1.module+el9+1031+a2878962.x86_64.rpm
Size: 110.56 kB
- rubygem-pg-debugsource-1.3.5-1.module+el9+1031+a2878962.x86_64.rpm
Size: 90.87 kB
- rubygem-pg-doc-1.3.5-1.module+el9+1031+a2878962.noarch.rpm
Size: 557.00 kB
- rubygem-power_assert-2.0.1-143.module+el9+1031+a2878962.noarch.rpm
Size: 19.51 kB
- rubygem-psych-4.0.4-143.module+el9+1031+a2878962.i686.rpm
Size: 48.89 kB
- rubygem-psych-4.0.4-143.module+el9+1031+a2878962.x86_64.rpm
Size: 47.67 kB
- rubygem-rake-13.0.6-143.module+el9+1031+a2878962.noarch.rpm
Size: 84.90 kB
- rubygem-rbs-2.7.0-143.module+el9+1031+a2878962.i686.rpm
Size: 775.59 kB
- rubygem-rbs-2.7.0-143.module+el9+1031+a2878962.x86_64.rpm
Size: 771.50 kB
- rubygem-rdoc-6.4.0-143.module+el9+1031+a2878962.noarch.rpm
Size: 458.06 kB
- rubygem-rexml-3.2.5-143.module+el9+1031+a2878962.noarch.rpm
Size: 91.51 kB
- rubygem-rss-0.2.9-143.module+el9+1031+a2878962.noarch.rpm
Size: 99.29 kB
- rubygems-3.3.26-143.module+el9+1031+a2878962.noarch.rpm
Size: 249.14 kB
- rubygems-devel-3.3.26-143.module+el9+1031+a2878962.noarch.rpm
Size: 11.34 kB
- rubygem-test-unit-3.5.3-143.module+el9+1031+a2878962.noarch.rpm
Size: 91.25 kB
- rubygem-typeprof-0.21.3-143.module+el9+1031+a2878962.noarch.rpm
Size: 69.60 kB
- ruby-libs-3.1.4-143.module+el9+1031+a2878962.i686.rpm
Size: 3.26 MB
- ruby-libs-3.1.4-143.module+el9+1031+a2878962.x86_64.rpm
Size: 3.22 MB