Advisories » MGASA-2024-0160

Updated ruby packages fix security vulnerabilities

Publication date: 09 May 2024
Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-27280 , CVE-2024-27281 , CVE-2024-27282

Description

Buffer overread vulnerability in StringIO. (CVE-2024-27280)
RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281)
Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33138
• https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27280
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27281
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27282

SRPMS

9/core

• ruby-3.1.5-45.mga9