[El-errata] ELSA-2024-4499 Moderate: Oracle Linux 8 ruby security update

[Errata Announcements for Oracle Linux]

Oracle Linux Security Advisory ELSA-2024-4499

http://linux.oracle.com/errata/ELSA-2024-4499.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-2.5.9-112.module+el8.10.0+90367+ae9e8511.i686.rpm
ruby-2.5.9-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
ruby-devel-2.5.9-112.module+el8.10.0+90367+ae9e8511.i686.rpm
ruby-devel-2.5.9-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
ruby-doc-2.5.9-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
ruby-irb-2.5.9-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
ruby-libs-2.5.9-112.module+el8.10.0+90367+ae9e8511.i686.rpm
ruby-libs-2.5.9-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
rubygem-abrt-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-abrt-doc-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-bigdecimal-1.3.4-112.module+el8.10.0+90367+ae9e8511.i686.rpm
rubygem-bigdecimal-1.3.4-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.x86_64.rpm
rubygem-bson-doc-4.3.0-2.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-bundler-1.16.1-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-bundler-doc-1.16.1-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-did_you_mean-1.2.0-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-io-console-0.4.6-112.module+el8.10.0+90367+ae9e8511.i686.rpm
rubygem-io-console-0.4.6-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
rubygem-json-2.1.0-112.module+el8.10.0+90367+ae9e8511.i686.rpm
rubygem-json-2.1.0-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
rubygem-minitest-5.10.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-mongo-doc-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.x86_64.rpm
rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-net-telnet-0.1.1-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-openssl-2.1.2-112.module+el8.10.0+90367+ae9e8511.i686.rpm
rubygem-openssl-2.1.2-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.x86_64.rpm
rubygem-pg-doc-1.0.0-3.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-power_assert-1.1.1-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-psych-3.0.2-112.module+el8.10.0+90367+ae9e8511.i686.rpm
rubygem-psych-3.0.2-112.module+el8.10.0+90367+ae9e8511.x86_64.rpm
rubygem-rake-12.3.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-rdoc-6.0.1.1-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-test-unit-3.2.7-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-xmlrpc-0.3.0-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygems-2.7.6.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygems-devel-2.7.6.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm

aarch64:
ruby-doc-2.5.9-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
ruby-irb-2.5.9-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-abrt-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-abrt-doc-0.3.0-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-bson-doc-4.3.0-2.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-bundler-1.16.1-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-bundler-doc-1.16.1-4.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-did_you_mean-1.2.0-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-minitest-5.10.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-mongo-doc-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-net-telnet-0.1.1-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-pg-doc-1.0.0-3.module+el8.9.0+90042+a65659a6.noarch.rpm
rubygem-power_assert-1.1.1-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-rake-12.3.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-rdoc-6.0.1.1-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-test-unit-3.2.7-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygem-xmlrpc-0.3.0-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygems-2.7.6.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
rubygems-devel-2.7.6.3-112.module+el8.10.0+90367+ae9e8511.noarch.rpm
ruby-2.5.9-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
ruby-devel-2.5.9-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
ruby-libs-2.5.9-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
rubygem-bigdecimal-1.3.4-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.aarch64.rpm
rubygem-io-console-0.4.6-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
rubygem-json-2.1.0-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.aarch64.rpm
rubygem-openssl-2.1.2-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm
rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.aarch64.rpm
rubygem-psych-3.0.2-112.module+el8.10.0+90367+ae9e8511.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-2.5.9-112.module+el8.10.0+90367+ae9e8511.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.3.0-4.module+el8.10.0+90367+ae9e8511.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-bundler-1.16.1-4.module+el8.10.0+90367+ae9e8511.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.src.rpm

Related CVEs:

CVE-2023-36617
CVE-2024-27280
CVE-2024-27281
CVE-2024-27282
CVE-2024-35176




Description of changes:

ruby
[2.5.9-112]
- Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755.
(CVE-2023-36617)
Resolves: RHEL-5614
- Fix Buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Resolves: RHEL-34125
- Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Resolves: RHEL-34117
- Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Resolves: RHEL-33867
- Fix REXML DoS parsing an XML with many <'s in an attribute value.
(CVE-2024-35176)
Resolves: RHEL-37877

rubygem-abrt
rubygem-bson
rubygem-bundler
rubygem-mongo
rubygem-mysql2
rubygem-pg