RLSA-2024:6784
- Source
- https://errata.rockylinux.org/RLSA-2024:6784
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2024:6784.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2024:6784
- Related
- Published
- 2024-09-30T14:30:36.675668Z
- Modified
- 2024-09-30T14:33:13.189188Z
- Summary
- Moderate: ruby:3.3 security update
- Details
-
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
rexml: DoS vulnerability in REXML (CVE-2024-39908)
rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
rexml: DoS vulnerability in REXML (CVE-2024-41946)
rexml: DoS vulnerability in REXML (CVE-2024-43398)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / ruby
Package
- Name
- ruby
- Purl
- pkg:rpm/rocky-linux/ruby?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / rubygem-abrt
Package
- Name
- rubygem-abrt
- Purl
- pkg:rpm/rocky-linux/rubygem-abrt?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / rubygem-mysql2
Package
- Name
- rubygem-mysql2
- Purl
- pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / rubygem-pg
Package
- Name
- rubygem-pg
- Purl
- pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-8&epoch=0