Ubuntu Security Notice USN-6838-1

Ubuntu Security Notice USN-6838-1: Posted Jun 17, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6838-1 - It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents.; tags | advisory, remote, arbitrary, ruby; systems | linux, ubuntu; advisories | CVE-2024-27281, CVE-2024-27282; SHA-256 | 120b5d48766d2e4145ff11d42e77720c22fbb0e8c31ac33a57af9a29ab60b5c4; Download | Favorite | View

Ubuntu Security Notice USN-6838-1

==========================================================================
Ubuntu Security Notice USN-6838-1
June 17, 2024

ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby3.2: Object-oriented scripting language
- ruby3.1: Object-oriented scripting language
- ruby3.0: Object-oriented scripting language
- ruby2.7: Object-oriented scripting language

Details:

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If
a user or automated system were tricked into parsing a specially crafted
.rdoc_options file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2024-27281)

It was discovered that the Ruby regex compiler incorrectly handled certain
memory operations. A remote attacker could possibly use this issue to
obtain sensitive memory contents. (CVE-2024-27282)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libruby3.2                      3.2.3-1ubuntu0.24.04.1
   ruby3.2                         3.2.3-1ubuntu0.24.04.1

Ubuntu 23.10
   libruby3.1                      3.1.2-7ubuntu3.2
   ruby3.1                         3.1.2-7ubuntu3.2

Ubuntu 22.04 LTS
   libruby3.0                      3.0.2-7ubuntu2.6
   ruby3.0                         3.0.2-7ubuntu2.6

Ubuntu 20.04 LTS
   libruby2.7                      2.7.0-5ubuntu1.13
   ruby2.7                         2.7.0-5ubuntu1.13

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6838-1
   CVE-2024-27281, CVE-2024-27282

Package Information:
   https://launchpad.net/ubuntu/+source/ruby3.2/3.2.3-1ubuntu0.24.04.1
   https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-7ubuntu3.2
   https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.6
   https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.13

Top Authors In Last 30 Days

Red Hat 213 files
indoushka 118 files
Ubuntu 88 files
Gentoo 33 files
Debian 25 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,890)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,777)
UNIX (9,440)
UnixWare (187)
Windows (6,676)
Other

Ubuntu Security Notice USN-6838-1

Ubuntu Security Notice USN-6838-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6838-1

Share This

Ubuntu Security Notice USN-6838-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems