操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2024-2340)

摘要:

ruby security update

安全等级: Low

公告ID: KylinSec-SA-2024-2340

发布日期: 2024年5月17日

关联CVE: CVE-2024-27282

详细介绍

1. 漏洞描述

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).

Security Fix(es):

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.(CVE-2024-27282)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2024-27282	KY3.5.2	ruby	Fixed

3. 影响组件

ruby

4. 修复版本

KY3.5.2

软件名称	架构	版本号
rubygem-bundler	noarch	2.2.32-133.ky3_5.kb1
rubygems	noarch	3.2.32-133.ky3_5.kb1
rubygem-test-unit	noarch	3.3.7-133.ky3_5.kb1
rubygem-rbs	noarch	1.4.0-133.ky3_5.kb1
rubygem-minitest	noarch	5.14.2-133.ky3_5.kb1
rubygem-rake	noarch	13.0.3-133.ky3_5.kb1
rubygem-typeprof	noarch	0.15.2-133.ky3_5.kb1
rubygem-did_you_mean	noarch	1.5.0-133.ky3_5.kb1
rubygems-devel	noarch	3.2.32-133.ky3_5.kb1
rubygem-rdoc	noarch	6.3.3-133.ky3_5.kb1
rubygem-rss	noarch	0.2.9-133.ky3_5.kb1
ruby-help	noarch	3.0.3-133.ky3_5.kb1
rubygem-rexml	noarch	3.2.5-133.ky3_5.kb1
ruby-irb	noarch	3.0.3-133.ky3_5.kb1
ruby	x86_64	3.0.3-133.ky3_5.kb1
ruby-devel	x86_64	3.0.3-133.ky3_5.kb1
rubygem-openssl	x86_64	2.2.1-133.ky3_5.kb1
rubygem-bigdecimal	x86_64	3.0.0-133.ky3_5.kb1
rubygem-psych	x86_64	3.3.2-133.ky3_5.kb1
rubygem-json	x86_64	2.5.1-133.ky3_5.kb1
rubygem-io-console	x86_64	0.5.7-133.ky3_5.kb1
rubygem-psych	aarch64	3.3.2-133.ky3_5.kb1
rubygem-io-console	aarch64	0.5.7-133.ky3_5.kb1
ruby-devel	aarch64	3.0.3-133.ky3_5.kb1
ruby	aarch64	3.0.3-133.ky3_5.kb1
rubygem-json	aarch64	2.5.1-133.ky3_5.kb1
rubygem-openssl	aarch64	2.2.1-133.ky3_5.kb1
rubygem-bigdecimal	aarch64	3.0.0-133.ky3_5.kb1