-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-8cf0124add 2022-05-08 01:45:04.718148 --------------------------------------------------------------------------------
Name : ruby Product : Fedora 35 Version : 3.0.4 Release : 153.fc35 URL : https://www.ruby-lang.org/ Summary : An interpreter of object-oriented scripting language Description : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
-------------------------------------------------------------------------------- Update Information:
Upgrade to Ruby 3.0.4. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 V��t Ondruch vondruch@redhat.com - 3.0.4-153 - Fix loading of default gems. Resolves: rhbz#2027099 * Tue Apr 19 2022 V��t Ondruch vondruch@redhat.com - 3.0.4-152 - Upgrade to Ruby 3.0.4. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods https://bugzilla.redhat.com/show_bug.cgi?id=2025104 [ 2 ] Bug #2026752 - CVE-2021-41816 ruby: buffer overflow in CGI.escape_html https://bugzilla.redhat.com/show_bug.cgi?id=2026752 [ 3 ] Bug #2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse https://bugzilla.redhat.com/show_bug.cgi?id=2026757 [ 4 ] Bug #2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation https://bugzilla.redhat.com/show_bug.cgi?id=2075685 [ 5 ] Bug #2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion https://bugzilla.redhat.com/show_bug.cgi?id=2075687 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-8cf0124add' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------