ALT-PU-2022-6233-1
Package ruby updated to version 3.1.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2023-03-30
BDU:2023-02020
Уязвимость библиотеки Time интерпретатора Ruby, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-03-31
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
- https://github.com/ruby/time/releases/
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update
- FEDORA-2023-6b924d3b75
- FEDORA-2023-f58d72c700
- FEDORA-2023-a7be7ea1aa
- GLSA-202401-27
- https://security.netapp.com/advisory/ntap-20230526-0004/
- https://www.ruby-lang.org/en/downloads/releases/
- https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/
- https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
- https://github.com/ruby/time/releases/
- https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
- https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/
- https://www.ruby-lang.org/en/downloads/releases/
- https://security.netapp.com/advisory/ntap-20230526-0004/
- GLSA-202401-27
- FEDORA-2023-a7be7ea1aa
- FEDORA-2023-f58d72c700
- FEDORA-2023-6b924d3b75
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update