Ubuntu Security Notice USN-6838-1

Ubuntu Security Notice USN-6838-1: Posted Jun 17, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6838-1 - It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents.; tags | advisory, remote, arbitrary, ruby; systems | linux, ubuntu; advisories | CVE-2024-27281, CVE-2024-27282; SHA-256 | 120b5d48766d2e4145ff11d42e77720c22fbb0e8c31ac33a57af9a29ab60b5c4; Download | Favorite | View

Ubuntu Security Notice USN-6838-1

==========================================================================
Ubuntu Security Notice USN-6838-1
June 17, 2024

ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby3.2: Object-oriented scripting language
- ruby3.1: Object-oriented scripting language
- ruby3.0: Object-oriented scripting language
- ruby2.7: Object-oriented scripting language

Details:

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If
a user or automated system were tricked into parsing a specially crafted
.rdoc_options file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2024-27281)

It was discovered that the Ruby regex compiler incorrectly handled certain
memory operations. A remote attacker could possibly use this issue to
obtain sensitive memory contents. (CVE-2024-27282)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libruby3.2                      3.2.3-1ubuntu0.24.04.1
   ruby3.2                         3.2.3-1ubuntu0.24.04.1

Ubuntu 23.10
   libruby3.1                      3.1.2-7ubuntu3.2
   ruby3.1                         3.1.2-7ubuntu3.2

Ubuntu 22.04 LTS
   libruby3.0                      3.0.2-7ubuntu2.6
   ruby3.0                         3.0.2-7ubuntu2.6

Ubuntu 20.04 LTS
   libruby2.7                      2.7.0-5ubuntu1.13
   ruby2.7                         2.7.0-5ubuntu1.13

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6838-1
   CVE-2024-27281, CVE-2024-27282

Package Information:
   https://launchpad.net/ubuntu/+source/ruby3.2/3.2.3-1ubuntu0.24.04.1
   https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-7ubuntu3.2
   https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.6
   https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.13

Top Authors In Last 30 Days

Red Hat 272 files
indoushka 184 files
Jay Turla 150 files
Ubuntu 90 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,126)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,362)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,911)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,882)
UNIX (9,459)
UnixWare (188)
Windows (6,772)
Other

Ubuntu Security Notice USN-6838-1

Ubuntu Security Notice USN-6838-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6838-1

Share This

Ubuntu Security Notice USN-6838-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems