{"schema_version": "1.3.1", "id": "RLSA-2024:1576", "modified": "2024-04-05T14:58:33.591303Z", "published": "2024-04-05T14:57:12.936995Z", "related": ["CVE-2021-33621", "CVE-2023-28755", "CVE-2023-28756", "CVE-2023-36617"], "summary": "Moderate: ruby:3.1 security, bug fix, and enhancement update", "details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nThe following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-29052)\n\nSecurity Fix(es):\n\n* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)\n\n* ruby: ReDoS vulnerability in URI (CVE-2023-28755)\n\n* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)\n\n* ruby: ReDoS vulnerability in Time (CVE-2023-28756)\n\nBug Fix(es):\n\n* ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (Rocky Linux-29048)\n\n* ruby: Ruby cannot read private key in FIPS mode on Rocky Linux 9 (Rocky Linux-12437)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "rubygem-mysql2", "purl": "pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.5.4-1.module+el9.1.0+13172+8d1baf64"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:9", "name": "rubygem-pg", "purl": "pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.3.5-1.module+el9.1.0+13172+8d1baf64"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:1576"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149706"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184059"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184061"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218614"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}