An update for ruby is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3

Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2024-1433
Status: Final
Version: 1.0
Revision history: 1.0, 2024-04-12, Initial
Initial release date: 2024-04-12
Current release date: 2024-04-12
Generator: openEuler SA Tool V1.0, 2024-04-12

Synopsis: ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks (as in Perl).

Security Fix(es):

A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. (CVE-2024-27280)

A flaw was found in Rubygem RDoc. When parsing .rdoc_options, used for configuration in RDoc, as a YAML file, there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution. (CVE-2024-27281)

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Medium
Affected component: ruby

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1433
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-27280
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-27281
https://nvd.nist.gov/vuln/detail/CVE-2024-27280
https://nvd.nist.gov/vuln/detail/CVE-2024-27281

Affected products: openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3

Packages:
rubygem-json-2.1.0-122.oe1.aarch64.rpm ruby-devel-2.5.8-122.oe1.aarch64.rpm rubygem-bigdecimal-1.3.4-122.oe1.aarch64.rpm rubygem-openssl-2.1.2-122.oe1.aarch64.rpm ruby-debuginfo-2.5.8-122.oe1.aarch64.rpm rubygem-io-console-0.4.6-122.oe1.aarch64.rpm ruby-2.5.8-122.oe1.aarch64.rpm rubygem-psych-3.0.2-122.oe1.aarch64.rpm ruby-debugsource-2.5.8-122.oe1.aarch64.rpm ruby-debugsource-2.5.8-122.oe2003sp4.aarch64.rpm rubygem-json-2.1.0-122.oe2003sp4.aarch64.rpm ruby-2.5.8-122.oe2003sp4.aarch64.rpm rubygem-openssl-2.1.2-122.oe2003sp4.aarch64.rpm rubygem-io-console-0.4.6-122.oe2003sp4.aarch64.rpm rubygem-psych-3.0.2-122.oe2003sp4.aarch64.rpm ruby-devel-2.5.8-122.oe2003sp4.aarch64.rpm rubygem-bigdecimal-1.3.4-122.oe2003sp4.aarch64.rpm ruby-debuginfo-2.5.8-122.oe2003sp4.aarch64.rpm ruby-devel-3.0.3-132.oe2203.aarch64.rpm rubygem-psych-3.3.2-132.oe2203.aarch64.rpm rubygem-io-console-0.5.7-132.oe2203.aarch64.rpm ruby-debuginfo-3.0.3-132.oe2203.aarch64.rpm ruby-debugsource-3.0.3-132.oe2203.aarch64.rpm ruby-3.0.3-132.oe2203.aarch64.rpm rubygem-json-2.5.1-132.oe2203.aarch64.rpm rubygem-bigdecimal-3.0.0-132.oe2203.aarch64.rpm rubygem-openssl-2.2.1-132.oe2203.aarch64.rpm ruby-devel-3.0.3-132.oe2203sp1.aarch64.rpm rubygem-io-console-0.5.7-132.oe2203sp1.aarch64.rpm rubygem-openssl-2.2.1-132.oe2203sp1.aarch64.rpm ruby-3.0.3-132.oe2203sp1.aarch64.rpm rubygem-json-2.5.1-132.oe2203sp1.aarch64.rpm rubygem-psych-3.3.2-132.oe2203sp1.aarch64.rpm ruby-debuginfo-3.0.3-132.oe2203sp1.aarch64.rpm
ruby-debugsource-3.0.3-132.oe2203sp1.aarch64.rpm rubygem-bigdecimal-3.0.0-132.oe2203sp1.aarch64.rpm rubygem-bigdecimal-3.0.0-132.oe2203sp2.aarch64.rpm rubygem-json-2.5.1-132.oe2203sp2.aarch64.rpm ruby-debuginfo-3.0.3-132.oe2203sp2.aarch64.rpm ruby-debugsource-3.0.3-132.oe2203sp2.aarch64.rpm rubygem-io-console-0.5.7-132.oe2203sp2.aarch64.rpm ruby-3.0.3-132.oe2203sp2.aarch64.rpm rubygem-openssl-2.2.1-132.oe2203sp2.aarch64.rpm rubygem-psych-3.3.2-132.oe2203sp2.aarch64.rpm ruby-devel-3.0.3-132.oe2203sp2.aarch64.rpm rubygem-json-2.5.1-132.oe2203sp3.aarch64.rpm ruby-3.0.3-132.oe2203sp3.aarch64.rpm rubygem-openssl-2.2.1-132.oe2203sp3.aarch64.rpm rubygem-bigdecimal-3.0.0-132.oe2203sp3.aarch64.rpm rubygem-psych-3.3.2-132.oe2203sp3.aarch64.rpm ruby-devel-3.0.3-132.oe2203sp3.aarch64.rpm ruby-debuginfo-3.0.3-132.oe2203sp3.aarch64.rpm ruby-debugsource-3.0.3-132.oe2203sp3.aarch64.rpm rubygem-io-console-0.5.7-132.oe2203sp3.aarch64.rpm ruby-help-2.5.8-122.oe1.noarch.rpm rubygem-test-unit-3.2.7-122.oe1.noarch.rpm rubygem-power_assert-1.1.1-122.oe1.noarch.rpm rubygems-2.7.6-122.oe1.noarch.rpm rubygem-rdoc-6.0.1.1-122.oe1.noarch.rpm rubygem-net-telnet-0.1.1-122.oe1.noarch.rpm rubygem-xmlrpc-0.3.0-122.oe1.noarch.rpm ruby-irb-2.5.8-122.oe1.noarch.rpm rubygem-minitest-5.10.3-122.oe1.noarch.rpm rubygem-did_you_mean-1.2.0-122.oe1.noarch.rpm rubygem-rake-12.3.0-122.oe1.noarch.rpm rubygems-devel-2.7.6-122.oe1.noarch.rpm rubygems-devel-2.7.6-122.oe2003sp4.noarch.rpm rubygem-xmlrpc-0.3.0-122.oe2003sp4.noarch.rpm rubygem-did_you_mean-1.2.0-122.oe2003sp4.noarch.rpm rubygem-test-unit-3.2.7-122.oe2003sp4.noarch.rpm rubygems-2.7.6-122.oe2003sp4.noarch.rpm rubygem-rdoc-6.0.1.1-122.oe2003sp4.noarch.rpm ruby-help-2.5.8-122.oe2003sp4.noarch.rpm rubygem-power_assert-1.1.1-122.oe2003sp4.noarch.rpm ruby-irb-2.5.8-122.oe2003sp4.noarch.rpm rubygem-net-telnet-0.1.1-122.oe2003sp4.noarch.rpm rubygem-rake-12.3.0-122.oe2003sp4.noarch.rpm rubygem-minitest-5.10.3-122.oe2003sp4.noarch.rpm 
rubygems-devel-3.2.32-132.oe2203.noarch.rpm rubygem-did_you_mean-1.5.0-132.oe2203.noarch.rpm rubygem-rbs-1.4.0-132.oe2203.noarch.rpm ruby-help-3.0.3-132.oe2203.noarch.rpm rubygem-test-unit-3.3.7-132.oe2203.noarch.rpm rubygem-minitest-5.14.2-132.oe2203.noarch.rpm rubygem-typeprof-0.15.2-132.oe2203.noarch.rpm ruby-irb-3.0.3-132.oe2203.noarch.rpm rubygem-rake-13.0.3-132.oe2203.noarch.rpm rubygems-3.2.32-132.oe2203.noarch.rpm rubygem-rexml-3.2.5-132.oe2203.noarch.rpm rubygem-bundler-2.2.32-132.oe2203.noarch.rpm rubygem-rss-0.2.9-132.oe2203.noarch.rpm rubygem-rdoc-6.3.3-132.oe2203.noarch.rpm rubygem-test-unit-3.3.7-132.oe2203sp1.noarch.rpm rubygems-devel-3.2.32-132.oe2203sp1.noarch.rpm ruby-irb-3.0.3-132.oe2203sp1.noarch.rpm rubygem-rbs-1.4.0-132.oe2203sp1.noarch.rpm rubygem-rdoc-6.3.3-132.oe2203sp1.noarch.rpm rubygem-rexml-3.2.5-132.oe2203sp1.noarch.rpm rubygem-bundler-2.2.32-132.oe2203sp1.noarch.rpm rubygem-did_you_mean-1.5.0-132.oe2203sp1.noarch.rpm rubygem-minitest-5.14.2-132.oe2203sp1.noarch.rpm ruby-help-3.0.3-132.oe2203sp1.noarch.rpm rubygem-rake-13.0.3-132.oe2203sp1.noarch.rpm rubygem-rss-0.2.9-132.oe2203sp1.noarch.rpm rubygems-3.2.32-132.oe2203sp1.noarch.rpm rubygem-typeprof-0.15.2-132.oe2203sp1.noarch.rpm rubygem-typeprof-0.15.2-132.oe2203sp2.noarch.rpm rubygem-rss-0.2.9-132.oe2203sp2.noarch.rpm rubygems-devel-3.2.32-132.oe2203sp2.noarch.rpm rubygem-rexml-3.2.5-132.oe2203sp2.noarch.rpm rubygem-test-unit-3.3.7-132.oe2203sp2.noarch.rpm rubygem-rdoc-6.3.3-132.oe2203sp2.noarch.rpm rubygem-bundler-2.2.32-132.oe2203sp2.noarch.rpm rubygem-did_you_mean-1.5.0-132.oe2203sp2.noarch.rpm rubygem-rbs-1.4.0-132.oe2203sp2.noarch.rpm rubygems-3.2.32-132.oe2203sp2.noarch.rpm ruby-help-3.0.3-132.oe2203sp2.noarch.rpm rubygem-minitest-5.14.2-132.oe2203sp2.noarch.rpm ruby-irb-3.0.3-132.oe2203sp2.noarch.rpm rubygem-rake-13.0.3-132.oe2203sp2.noarch.rpm rubygem-bundler-2.2.32-132.oe2203sp3.noarch.rpm rubygem-rss-0.2.9-132.oe2203sp3.noarch.rpm ruby-irb-3.0.3-132.oe2203sp3.noarch.rpm 
rubygem-rbs-1.4.0-132.oe2203sp3.noarch.rpm rubygem-rdoc-6.3.3-132.oe2203sp3.noarch.rpm ruby-help-3.0.3-132.oe2203sp3.noarch.rpm rubygem-typeprof-0.15.2-132.oe2203sp3.noarch.rpm rubygem-rexml-3.2.5-132.oe2203sp3.noarch.rpm rubygem-test-unit-3.3.7-132.oe2203sp3.noarch.rpm rubygems-devel-3.2.32-132.oe2203sp3.noarch.rpm rubygems-3.2.32-132.oe2203sp3.noarch.rpm rubygem-did_you_mean-1.5.0-132.oe2203sp3.noarch.rpm rubygem-rake-13.0.3-132.oe2203sp3.noarch.rpm rubygem-minitest-5.14.2-132.oe2203sp3.noarch.rpm ruby-2.5.8-122.oe1.src.rpm ruby-2.5.8-122.oe2003sp4.src.rpm ruby-3.0.3-132.oe2203.src.rpm ruby-3.0.3-132.oe2203sp1.src.rpm ruby-3.0.3-132.oe2203sp2.src.rpm ruby-3.0.3-132.oe2203sp3.src.rpm rubygem-io-console-0.4.6-122.oe1.x86_64.rpm ruby-2.5.8-122.oe1.x86_64.rpm ruby-debugsource-2.5.8-122.oe1.x86_64.rpm ruby-devel-2.5.8-122.oe1.x86_64.rpm rubygem-json-2.1.0-122.oe1.x86_64.rpm rubygem-psych-3.0.2-122.oe1.x86_64.rpm rubygem-bigdecimal-1.3.4-122.oe1.x86_64.rpm rubygem-openssl-2.1.2-122.oe1.x86_64.rpm ruby-debuginfo-2.5.8-122.oe1.x86_64.rpm rubygem-json-2.1.0-122.oe2003sp4.x86_64.rpm ruby-debuginfo-2.5.8-122.oe2003sp4.x86_64.rpm ruby-2.5.8-122.oe2003sp4.x86_64.rpm ruby-debugsource-2.5.8-122.oe2003sp4.x86_64.rpm rubygem-psych-3.0.2-122.oe2003sp4.x86_64.rpm ruby-devel-2.5.8-122.oe2003sp4.x86_64.rpm rubygem-io-console-0.4.6-122.oe2003sp4.x86_64.rpm rubygem-bigdecimal-1.3.4-122.oe2003sp4.x86_64.rpm rubygem-openssl-2.1.2-122.oe2003sp4.x86_64.rpm rubygem-io-console-0.5.7-132.oe2203.x86_64.rpm rubygem-openssl-2.2.1-132.oe2203.x86_64.rpm ruby-debuginfo-3.0.3-132.oe2203.x86_64.rpm rubygem-bigdecimal-3.0.0-132.oe2203.x86_64.rpm ruby-devel-3.0.3-132.oe2203.x86_64.rpm rubygem-psych-3.3.2-132.oe2203.x86_64.rpm rubygem-json-2.5.1-132.oe2203.x86_64.rpm ruby-3.0.3-132.oe2203.x86_64.rpm ruby-debugsource-3.0.3-132.oe2203.x86_64.rpm rubygem-openssl-2.2.1-132.oe2203sp1.x86_64.rpm rubygem-bigdecimal-3.0.0-132.oe2203sp1.x86_64.rpm ruby-debugsource-3.0.3-132.oe2203sp1.x86_64.rpm 
rubygem-psych-3.3.2-132.oe2203sp1.x86_64.rpm ruby-devel-3.0.3-132.oe2203sp1.x86_64.rpm rubygem-json-2.5.1-132.oe2203sp1.x86_64.rpm ruby-debuginfo-3.0.3-132.oe2203sp1.x86_64.rpm rubygem-io-console-0.5.7-132.oe2203sp1.x86_64.rpm ruby-3.0.3-132.oe2203sp1.x86_64.rpm rubygem-openssl-2.2.1-132.oe2203sp2.x86_64.rpm rubygem-psych-3.3.2-132.oe2203sp2.x86_64.rpm ruby-devel-3.0.3-132.oe2203sp2.x86_64.rpm ruby-3.0.3-132.oe2203sp2.x86_64.rpm ruby-debuginfo-3.0.3-132.oe2203sp2.x86_64.rpm rubygem-bigdecimal-3.0.0-132.oe2203sp2.x86_64.rpm rubygem-io-console-0.5.7-132.oe2203sp2.x86_64.rpm rubygem-json-2.5.1-132.oe2203sp2.x86_64.rpm ruby-debugsource-3.0.3-132.oe2203sp2.x86_64.rpm ruby-3.0.3-132.oe2203sp3.x86_64.rpm ruby-devel-3.0.3-132.oe2203sp3.x86_64.rpm rubygem-bigdecimal-3.0.0-132.oe2203sp3.x86_64.rpm rubygem-psych-3.3.2-132.oe2203sp3.x86_64.rpm rubygem-json-2.5.1-132.oe2203sp3.x86_64.rpm ruby-debuginfo-3.0.3-132.oe2203sp3.x86_64.rpm rubygem-openssl-2.2.1-132.oe2203sp3.x86_64.rpm ruby-debugsource-3.0.3-132.oe2203sp3.x86_64.rpm rubygem-io-console-0.5.7-132.oe2203sp3.x86_64.rpm

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability.
CVE-2024-27280
Release date: 2024-04-12
Affected products: openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3
Severity: Low
CVSS base score: 3.1
CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Remediation: ruby security update, 2024-04-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1433

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there is a crafted cache.

CVE-2024-27281
Release date: 2024-04-12
Affected products: openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3
Severity: Medium
CVSS base score: 4.5
CVSS vector: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Remediation: ruby security update, 2024-04-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1433