An update for jruby is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3

Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2024-1121
Status: Final
Version: 1.0
Revision history: 1.0, 2024-02-02, Initial
Initial release date: 2024-02-02
Current release date: 2024-02-02
Generator: openEuler SA Tool V1.0, 2024-02-02

Synopsis: jruby security update

Description:

JRuby is a 100% Java implementation of the Ruby programming language. It is Ruby for the JVM. JRuby provides a complete set of core "builtin" classes and syntax for the Ruby language, as well as most of the Ruby Standard Libraries.

Security Fix(es):

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. (CVE-2023-28756)

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: Medium
Affected component: jruby

References:
  https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1121
  https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28756
  https://nvd.nist.gov/vuln/detail/CVE-2023-28756

Affected products:
  openEuler-20.03-LTS-SP1
  openEuler-20.03-LTS-SP4
  openEuler-22.03-LTS
  openEuler-22.03-LTS-SP1
  openEuler-22.03-LTS-SP2
  openEuler-22.03-LTS-SP3

Packages (noarch):
  jruby-javadoc-1.7.22-4.oe1.noarch.rpm
  jruby-devel-1.7.22-4.oe1.noarch.rpm
  jruby-1.7.22-4.oe1.noarch.rpm
  jruby-1.7.22-4.oe2003sp4.noarch.rpm
  jruby-javadoc-1.7.22-4.oe2003sp4.noarch.rpm
  jruby-devel-1.7.22-4.oe2003sp4.noarch.rpm
  jruby-devel-1.7.22-4.oe2203.noarch.rpm
  jruby-javadoc-1.7.22-4.oe2203.noarch.rpm
  jruby-1.7.22-4.oe2203.noarch.rpm
  jruby-javadoc-1.7.22-4.oe2203sp1.noarch.rpm
  jruby-devel-1.7.22-4.oe2203sp1.noarch.rpm
  jruby-1.7.22-4.oe2203sp1.noarch.rpm
  jruby-javadoc-1.7.22-4.oe2203sp2.noarch.rpm
  jruby-devel-1.7.22-4.oe2203sp2.noarch.rpm
  jruby-1.7.22-4.oe2203sp2.noarch.rpm
  jruby-javadoc-1.7.22-4.oe2203sp3.noarch.rpm
  jruby-devel-1.7.22-4.oe2203sp3.noarch.rpm
  jruby-1.7.22-4.oe2203sp3.noarch.rpm

Packages (src):
  jruby-1.7.22-4.oe1.src.rpm
  jruby-1.7.22-4.oe2003sp4.src.rpm
  jruby-1.7.22-4.oe2203.src.rpm
  jruby-1.7.22-4.oe2203sp1.src.rpm
  jruby-1.7.22-4.oe2203sp2.src.rpm
  jruby-1.7.22-4.oe2203sp3.src.rpm

Vulnerability: CVE-2023-28756
  Release date: 2024-02-02
  Severity: Medium
  CVSS base score: 5.3
  CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  Remediation: jruby security update, 2024-02-02