ruby:3.3 security update
Errata ID: AXSA:2024-8857:01
Release date:
2024/09/26 Thursday - 22:10
Title:
ruby:3.3 security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
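The following issues were addressed.
[Security Fix]
- REXML contains a vulnerability that allows a remote attacker to cause a denial of service (resource exhaustion) through parsing of XML data crafted to contain specific characters such as `<`, `0` and `%>`. (CVE-2024-39908)
- REXML has a problem in parsing XML data that contains many specific characters such as whitespace characters, '>]' and ']>', which allows a remote attacker to cause a denial of service through processing of crafted XML data. (CVE-2024-41123)
- REXML has a problem in parsing XML data with the SAX2 or pull parser API, which allows a local attacker to cause a denial of service through parsing of XML data crafted to contain many entity expansions. (CVE-2024-41946)
- REXML contains a vulnerability that allows a remote attacker to cause a denial of service through parsing of XML data crafted to contain many elements that have the same local name attributes. (CVE-2024-43398)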
Modularity name: ruby
Stream name: 3.3
Solution:
Update the packages.
CVE:
CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses XML that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.
CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses XML that has many deep elements that have the same local name attributes. If you need to parse untrusted XML with a tree parser API like REXML::Document.new, you may be impacted by this vulnerability. If you use other parser APIs such as the stream parser API and the SAX2 parser API, you are not affected by this vulnerability. The REXML gem 3.3.6 or later includes the patch to fix the vulnerability.
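A version triage for the four CVEs described above, as an added example that is not part of the advisory or of REXML. The names `REXML_ADVISORIES`, `exposed_rexml_cves`, `installed_rexml_version` and the API labels are illustrative, and any version below a stated fixed release is assumed to be unpatched.

```ruby
# Added example (not from the advisory): which of this page's REXML CVEs
# still apply to a given gem version and set of parser APIs in use.
require 'rubygems'

# Illustrative labels for REXML's parser APIs (names are assumptions).
ALL_APIS = %i[tree stream sax2 pull].freeze

# Version bounds and API scoping as stated in the CVE texts on this page.
# Assumption: a version below the stated fixed release counts as unpatched;
# introduced: nil means the page gives no lower bound.
REXML_ADVISORIES = [
  { cve: 'CVE-2024-39908', introduced: nil,     fixed: '3.3.2', apis: ALL_APIS },
  { cve: 'CVE-2024-41123', introduced: nil,     fixed: '3.3.3', apis: ALL_APIS },
  { cve: 'CVE-2024-41946', introduced: '3.3.2', fixed: '3.3.3', apis: %i[sax2 pull] },
  { cve: 'CVE-2024-43398', introduced: nil,     fixed: '3.3.6', apis: %i[tree] }
].freeze

# Returns the CVE ids that apply to `version` for the parser APIs in use.
def exposed_rexml_cves(version, apis_in_use = ALL_APIS)
  v = Gem::Version.new(version)
  hits = REXML_ADVISORIES.select do |adv|
    below_fix = v < Gem::Version.new(adv[:fixed])
    at_or_after_intro = adv[:introduced].nil? || v >= Gem::Version.new(adv[:introduced])
    below_fix && at_or_after_intro && !(adv[:apis] & apis_in_use).empty?
  end
  hits.map { |adv| adv[:cve] }
end

# Version of the REXML gem this interpreter would load, or nil if absent.
def installed_rexml_version
  require 'rexml/rexml'
  REXML::VERSION
rescue LoadError
  nil
end

if $PROGRAM_NAME == __FILE__
  version = installed_rexml_version
  if version.nil?
    puts 'REXML is not installed'
  else
    open_cves = exposed_rexml_cves(version)
    puts "REXML #{version}: #{open_cves.empty? ? 'all four CVEs patched' : open_cves.join(', ')}"
  end
end
```

Pass the parser APIs the application actually calls as the second argument to narrow the result, for example `exposed_rexml_cves('3.3.5', %i[stream sax2])`.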
Additional information:
N/A
Download:
SRPMS
- rpm-local-generator-support-1-1.module+el9+1050+1d8c4499.src.rpm (Size: 7.31 kB)
- rubygem-mysql2-0.5.5-1.module+el9+1050+1d8c4499.src.rpm (Size: 121.83 kB)
- rubygem-pg-1.5.4-1.module+el9+1050+1d8c4499.src.rpm (Size: 305.83 kB)
- ruby-3.3.5-3.module+el9+1050+1d8c4499.src.rpm (Size: 15.72 MB)
Asianux Server 9 for x86_64
- ruby-3.3.5-3.module+el9+1050+1d8c4499.i686.rpm (Size: 37.38 kB)
- ruby-3.3.5-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 37.25 kB)
- ruby-bundled-gems-3.3.5-3.module+el9+1050+1d8c4499.i686.rpm (Size: 254.04 kB)
- ruby-bundled-gems-3.3.5-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 253.90 kB)
- ruby-debugsource-3.3.5-3.module+el9+1050+1d8c4499.i686.rpm (Size: 3.77 MB)
- ruby-debugsource-3.3.5-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 3.99 MB)
- ruby-default-gems-3.3.5-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 33.54 kB)
- ruby-devel-3.3.5-3.module+el9+1050+1d8c4499.i686.rpm (Size: 287.21 kB)
- ruby-devel-3.3.5-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 287.35 kB)
- ruby-doc-3.3.5-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 4.47 MB)
- rubygem-bigdecimal-3.1.5-3.module+el9+1050+1d8c4499.i686.rpm (Size: 69.65 kB)
- rubygem-bigdecimal-3.1.5-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 64.69 kB)
- rubygem-bundler-2.5.16-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 390.16 kB)
- rubygem-io-console-0.7.1-3.module+el9+1050+1d8c4499.i686.rpm (Size: 23.66 kB)
- rubygem-io-console-0.7.1-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 21.97 kB)
- rubygem-irb-1.13.1-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 85.19 kB)
- rubygem-json-2.7.1-3.module+el9+1050+1d8c4499.i686.rpm (Size: 53.27 kB)
- rubygem-json-2.7.1-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 51.40 kB)
- rubygem-minitest-5.20.0-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 86.90 kB)
- rubygem-mysql2-0.5.5-1.module+el9+1050+1d8c4499.x86_64.rpm (Size: 45.66 kB)
- rubygem-mysql2-debugsource-0.5.5-1.module+el9+1050+1d8c4499.x86_64.rpm (Size: 35.59 kB)
- rubygem-mysql2-doc-0.5.5-1.module+el9+1050+1d8c4499.noarch.rpm (Size: 312.46 kB)
- rubygem-pg-1.5.4-1.module+el9+1050+1d8c4499.x86_64.rpm (Size: 116.85 kB)
- rubygem-pg-debugsource-1.5.4-1.module+el9+1050+1d8c4499.x86_64.rpm (Size: 94.69 kB)
- rubygem-pg-doc-1.5.4-1.module+el9+1050+1d8c4499.noarch.rpm (Size: 601.80 kB)
- rubygem-power_assert-2.0.3-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 20.17 kB)
- rubygem-psych-5.1.2-3.module+el9+1050+1d8c4499.i686.rpm (Size: 49.52 kB)
- rubygem-psych-5.1.2-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 48.34 kB)
- rubygem-racc-1.7.3-3.module+el9+1050+1d8c4499.i686.rpm (Size: 71.43 kB)
- rubygem-racc-1.7.3-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 70.75 kB)
- rubygem-rake-13.1.0-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 85.55 kB)
- rubygem-rbs-3.4.0-3.module+el9+1050+1d8c4499.i686.rpm (Size: 904.01 kB)
- rubygem-rbs-3.4.0-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 899.14 kB)
- rubygem-rdoc-6.6.3.1-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 461.75 kB)
- rubygem-rexml-3.3.6-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 101.11 kB)
- rubygem-rss-0.3.1-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 55.87 kB)
- rubygems-3.5.16-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 350.47 kB)
- rubygems-devel-3.5.16-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 12.05 kB)
- rubygem-test-unit-3.6.1-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 94.01 kB)
- rubygem-typeprof-0.21.9-3.module+el9+1050+1d8c4499.noarch.rpm (Size: 70.96 kB)
- ruby-libs-3.3.5-3.module+el9+1050+1d8c4499.i686.rpm (Size: 3.61 MB)
- ruby-libs-3.3.5-3.module+el9+1050+1d8c4499.x86_64.rpm (Size: 3.96 MB)