Oracle Linux Security Advisory ELSA-2024-10858 http://linux.oracle.com/errata/ELSA-2024-10858.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: ruby-3.0.7-163.el9_5.i686.rpm ruby-3.0.7-163.el9_5.x86_64.rpm ruby-default-gems-3.0.7-163.el9_5.noarch.rpm ruby-devel-3.0.7-163.el9_5.i686.rpm ruby-devel-3.0.7-163.el9_5.x86_64.rpm ruby-libs-3.0.7-163.el9_5.i686.rpm ruby-libs-3.0.7-163.el9_5.x86_64.rpm rubygem-bigdecimal-3.0.0-163.el9_5.x86_64.rpm rubygem-bundler-2.2.33-163.el9_5.noarch.rpm rubygem-io-console-0.5.7-163.el9_5.x86_64.rpm rubygem-irb-1.3.5-163.el9_5.noarch.rpm rubygem-json-2.5.1-163.el9_5.x86_64.rpm rubygem-minitest-5.14.2-163.el9_5.noarch.rpm rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm rubygem-psych-3.3.2-163.el9_5.x86_64.rpm rubygem-rake-13.0.3-163.el9_5.noarch.rpm rubygem-rbs-1.4.0-163.el9_5.noarch.rpm rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm rubygem-rexml-3.2.5-163.el9_5.noarch.rpm rubygem-rss-0.2.9-163.el9_5.noarch.rpm rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm rubygems-3.2.33-163.el9_5.noarch.rpm rubygems-devel-3.2.33-163.el9_5.noarch.rpm ruby-doc-3.0.7-163.el9_5.noarch.rpm aarch64: ruby-3.0.7-163.el9_5.aarch64.rpm ruby-default-gems-3.0.7-163.el9_5.noarch.rpm ruby-devel-3.0.7-163.el9_5.aarch64.rpm ruby-libs-3.0.7-163.el9_5.aarch64.rpm rubygem-bigdecimal-3.0.0-163.el9_5.aarch64.rpm rubygem-bundler-2.2.33-163.el9_5.noarch.rpm rubygem-io-console-0.5.7-163.el9_5.aarch64.rpm rubygem-irb-1.3.5-163.el9_5.noarch.rpm rubygem-json-2.5.1-163.el9_5.aarch64.rpm rubygem-minitest-5.14.2-163.el9_5.noarch.rpm rubygem-power_assert-1.2.1-163.el9_5.noarch.rpm rubygem-psych-3.3.2-163.el9_5.aarch64.rpm rubygem-rake-13.0.3-163.el9_5.noarch.rpm rubygem-rbs-1.4.0-163.el9_5.noarch.rpm rubygem-rdoc-6.3.4.1-163.el9_5.noarch.rpm rubygem-rexml-3.2.5-163.el9_5.noarch.rpm rubygem-rss-0.2.9-163.el9_5.noarch.rpm rubygem-test-unit-3.3.7-163.el9_5.noarch.rpm rubygem-typeprof-0.15.2-163.el9_5.noarch.rpm rubygems-3.2.33-163.el9_5.noarch.rpm rubygems-devel-3.2.33-163.el9_5.noarch.rpm ruby-doc-3.0.7-163.el9_5.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//ruby-3.0.7-163.el9_5.src.rpm Related CVEs: CVE-2024-49761 Description of changes: [3.0.7-163] - Fix REXML ReDoS vulnerability. (CVE-2024-49761) Resolves: rbhz#2322153 [3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 [3.0.4-161] - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724 [3.0.4-160] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix File.utime test. _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata