ruby:3.3 security update
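Errata ID: AXSA:2024-8830:01
Release date:
2024/09/27 Friday - 01:41
Title:
ruby:3.3 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- REXML contains a vulnerability that allows a remote attacker to
cause a denial of service (resource exhaustion) via parsing of XML
data crafted to contain specific characters such as `<`, `0`, and
`%>`. (CVE-2024-39908)
- REXML has a problem in its parsing of XML data that contains many
specific characters such as whitespace characters, `>]`, and `]>`,
which allows a remote attacker to cause a denial of service via
processing of crafted XML data. (CVE-2024-41123)
- REXML has a problem in its parsing of XML data with the SAX2 or
pull parser API, which allows a local attacker to cause a denial of
service via parsing of XML data crafted to contain many entity
expansions. (CVE-2024-41946)
- REXML contains a vulnerability that allows a remote attacker to
cause a denial of service via parsing of XML data crafted to contain
many elements that have the same local name attributes.
(CVE-2024-43398)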
Modularity name: ruby
Stream name: 3.3
Solution:
Update the packages.
CVE:
CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.
CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have the same local name attributes. If you need to parse untrusted XMLs with a tree parser API like REXML::Document.new, you may be impacted by this vulnerability. If you use other parser APIs such as the stream parser API and the SAX2 parser API, you are not affected by this vulnerability. The REXML gem 3.3.6 or later includes the patch to fix the vulnerability.
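An added example, not part of the advisory or the REXML project: a Ruby check that maps a REXML gem version, and optionally the parser APIs that receive untrusted XML, to the CVEs above that are still unpatched. The fixed-in versions and API scopes come from the CVE texts on this page; the function names, and the rule that any version below the fixed release counts as exposed, are assumptions of the example.

```ruby
# Added example (not the advisory's own code). Fixed-in versions and API
# scopes are taken from the CVE descriptions on this page.
ADVISORY_FIXES = [
  { cve: "CVE-2024-39908", fixed_in: "3.3.2", apis: :any },
  { cve: "CVE-2024-41123", fixed_in: "3.3.3", apis: :any },
  { cve: "CVE-2024-41946", fixed_in: "3.3.3", apis: %i[sax2 pull] },
  { cve: "CVE-2024-43398", fixed_in: "3.3.6", apis: %i[tree] },
].freeze

# version:     REXML gem version string, e.g. "3.3.6".
# apis_in_use: parser APIs that receive untrusted XML (:tree, :sax2, :pull,
#              :stream). nil means unknown, so API-specific CVEs are assumed
#              to apply (conservative assumption of this example).
def open_rexml_cves(version, apis_in_use = nil)
  installed = Gem::Version.new(version)
  ADVISORY_FIXES.select do |fix|
    next false if installed >= Gem::Version.new(fix[:fixed_in])
    next true if fix[:apis] == :any || apis_in_use.nil?
    (fix[:apis] & apis_in_use).any?
  end.map { |fix| fix[:cve] }
end

# Highest REXML gem version visible to this interpreter, or nil if absent.
def installed_rexml_version
  spec = Gem::Specification.find_all_by_name("rexml").max_by(&:version)
  spec&.version&.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Optional first argument: a version to check instead of the installed gem.
  version = ARGV.find { |arg| Gem::Version.correct?(arg) } || installed_rexml_version
  if version.nil?
    warn "rexml gem not found; pass a version as the first argument"
  else
    open_cves = open_rexml_cves(version)
    if open_cves.empty?
      puts "rexml #{version}: at or above every fixed version in this advisory"
    else
      puts "rexml #{version}: update needed for #{open_cves.join(', ')}"
    end
  end
end
```

Run it with the same Ruby interpreter the application uses, since the check reads that interpreter's gem paths.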
Additional information:
N/A
Downloads:
SRPMS
- rpm-local-generator-support-1-1.module+el8+1807+0d32393b.src.rpm (Size: 7.12 kB)
- rubygem-abrt-0.4.0-1.module+el8+1807+0d32393b.src.rpm (Size: 16.60 kB)
- rubygem-mysql2-0.5.5-1.module+el8+1807+0d32393b.src.rpm (Size: 124.07 kB)
- rubygem-pg-1.5.4-1.module+el8+1807+0d32393b.src.rpm (Size: 309.79 kB)
- ruby-3.3.5-3.module+el8+1807+0d32393b.src.rpm (Size: 15.77 MB)
Asianux Server 8 for x86_64
- ruby-3.3.5-3.module+el8+1807+0d32393b.i686.rpm (Size: 88.01 kB)
- ruby-3.3.5-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 87.94 kB)
- ruby-bundled-gems-3.3.5-3.module+el8+1807+0d32393b.i686.rpm (Size: 321.58 kB)
- ruby-bundled-gems-3.3.5-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 321.18 kB)
- ruby-debugsource-3.3.5-3.module+el8+1807+0d32393b.i686.rpm (Size: 4.43 MB)
- ruby-debugsource-3.3.5-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 4.68 MB)
- ruby-default-gems-3.3.5-3.module+el8+1807+0d32393b.noarch.rpm (Size: 84.33 kB)
- ruby-devel-3.3.5-3.module+el8+1807+0d32393b.i686.rpm (Size: 365.13 kB)
- ruby-devel-3.3.5-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 365.13 kB)
- ruby-doc-3.3.5-3.module+el8+1807+0d32393b.noarch.rpm (Size: 4.82 MB)
- rubygem-abrt-0.4.0-1.module+el8+1807+0d32393b.noarch.rpm (Size: 12.51 kB)
- rubygem-abrt-doc-0.4.0-1.module+el8+1807+0d32393b.noarch.rpm (Size: 256.72 kB)
- rubygem-bigdecimal-3.1.5-3.module+el8+1807+0d32393b.i686.rpm (Size: 117.78 kB)
- rubygem-bigdecimal-3.1.5-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 114.14 kB)
- rubygem-bundler-2.5.16-3.module+el8+1807+0d32393b.noarch.rpm (Size: 472.84 kB)
- rubygem-io-console-0.7.1-3.module+el8+1807+0d32393b.i686.rpm (Size: 73.85 kB)
- rubygem-io-console-0.7.1-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 72.22 kB)
- rubygem-irb-1.13.1-3.module+el8+1807+0d32393b.noarch.rpm (Size: 150.21 kB)
- rubygem-json-2.7.1-3.module+el8+1807+0d32393b.i686.rpm (Size: 101.88 kB)
- rubygem-json-2.7.1-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 100.48 kB)
- rubygem-minitest-5.20.0-3.module+el8+1807+0d32393b.noarch.rpm (Size: 142.06 kB)
- rubygem-mysql2-0.5.5-1.module+el8+1807+0d32393b.x86_64.rpm (Size: 46.54 kB)
- rubygem-mysql2-debugsource-0.5.5-1.module+el8+1807+0d32393b.x86_64.rpm (Size: 39.60 kB)
- rubygem-mysql2-doc-0.5.5-1.module+el8+1807+0d32393b.noarch.rpm (Size: 309.10 kB)
- rubygem-pg-1.5.4-1.module+el8+1807+0d32393b.x86_64.rpm (Size: 116.06 kB)
- rubygem-pg-debugsource-1.5.4-1.module+el8+1807+0d32393b.x86_64.rpm (Size: 104.80 kB)
- rubygem-pg-doc-1.5.4-1.module+el8+1807+0d32393b.noarch.rpm (Size: 630.11 kB)
- rubygem-power_assert-2.0.3-3.module+el8+1807+0d32393b.noarch.rpm (Size: 70.96 kB)
- rubygem-psych-5.1.2-3.module+el8+1807+0d32393b.i686.rpm (Size: 100.57 kB)
- rubygem-psych-5.1.2-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 99.26 kB)
- rubygem-racc-1.7.3-3.module+el8+1807+0d32393b.i686.rpm (Size: 123.63 kB)
- rubygem-racc-1.7.3-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 123.17 kB)
- rubygem-rake-13.1.0-3.module+el8+1807+0d32393b.noarch.rpm (Size: 140.08 kB)
- rubygem-rbs-3.4.0-3.module+el8+1807+0d32393b.i686.rpm (Size: 1.03 MB)
- rubygem-rbs-3.4.0-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 1.02 MB)
- rubygem-rdoc-6.6.3.1-3.module+el8+1807+0d32393b.noarch.rpm (Size: 519.89 kB)
- rubygem-rexml-3.3.6-3.module+el8+1807+0d32393b.noarch.rpm (Size: 158.55 kB)
- rubygem-rss-0.3.1-3.module+el8+1807+0d32393b.noarch.rpm (Size: 110.49 kB)
- rubygems-3.5.16-3.module+el8+1807+0d32393b.noarch.rpm (Size: 434.25 kB)
- rubygems-devel-3.5.16-3.module+el8+1807+0d32393b.noarch.rpm (Size: 62.69 kB)
- rubygem-test-unit-3.6.1-3.module+el8+1807+0d32393b.noarch.rpm (Size: 149.57 kB)
- rubygem-typeprof-0.21.9-3.module+el8+1807+0d32393b.noarch.rpm (Size: 127.29 kB)
- ruby-libs-3.3.5-3.module+el8+1807+0d32393b.i686.rpm (Size: 3.71 MB)
- ruby-libs-3.3.5-3.module+el8+1807+0d32393b.x86_64.rpm (Size: 4.01 MB)