Oracle Linux 6269 Published by

A ruby:2.7 security, bug fix, and enhancement update has been released for Oracle Linux 8.



ELSA-2023-3821 Moderate: Oracle Linux 8 ruby:2.7 security, bug fix, and enhancement update


Oracle Linux Security Advisory ELSA-2023-3821

http://linux.oracle.com/errata/ELSA-2023-3821.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-2.7.8-139.module+el8.8.0+21111+2e34bf27.i686.rpm
ruby-2.7.8-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
ruby-default-gems-2.7.8-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
ruby-devel-2.7.8-139.module+el8.8.0+21111+2e34bf27.i686.rpm
ruby-devel-2.7.8-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
ruby-doc-2.7.8-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-bigdecimal-2.0.0-139.module+el8.8.0+21111+2e34bf27.i686.rpm
rubygem-bigdecimal-2.0.0-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
rubygem-bson-4.8.1-1.module+el8.4.0+20239+cbf59dc8.x86_64.rpm
rubygem-bson-doc-4.8.1-1.module+el8.4.0+20239+cbf59dc8.noarch.rpm
rubygem-bundler-2.2.24-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-io-console-0.5.6-139.module+el8.8.0+21111+2e34bf27.i686.rpm
rubygem-io-console-0.5.6-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
rubygem-irb-1.2.6-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-json-2.3.0-139.module+el8.8.0+21111+2e34bf27.i686.rpm
rubygem-json-2.3.0-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
rubygem-minitest-5.13.0-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-mongo-2.11.3-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-mongo-doc-2.11.3-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-mysql2-0.5.3-1.module+el8.4.0+20239+cbf59dc8.x86_64.rpm
rubygem-mysql2-doc-0.5.3-1.module+el8.4.0+20239+cbf59dc8.noarch.rpm
rubygem-net-telnet-0.2.0-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-openssl-2.1.4-139.module+el8.8.0+21111+2e34bf27.i686.rpm
rubygem-openssl-2.1.4-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
rubygem-pg-1.2.3-1.module+el8.4.0+20239+cbf59dc8.x86_64.rpm
rubygem-pg-doc-1.2.3-1.module+el8.4.0+20239+cbf59dc8.noarch.rpm
rubygem-power_assert-1.1.7-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-psych-3.1.0-139.module+el8.8.0+21111+2e34bf27.i686.rpm
rubygem-psych-3.1.0-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm
rubygem-rake-13.0.1-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-rdoc-6.2.1.1-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygems-3.1.6-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygems-devel-3.1.6-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-test-unit-3.3.4-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-xmlrpc-0.3.0-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
ruby-libs-2.7.8-139.module+el8.8.0+21111+2e34bf27.i686.rpm
ruby-libs-2.7.8-139.module+el8.8.0+21111+2e34bf27.x86_64.rpm

aarch64:
ruby-2.7.8-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
ruby-default-gems-2.7.8-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
ruby-devel-2.7.8-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
ruby-doc-2.7.8-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-bigdecimal-2.0.0-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
rubygem-bson-4.8.1-1.module+el8.4.0+20239+cbf59dc8.aarch64.rpm
rubygem-bson-doc-4.8.1-1.module+el8.4.0+20239+cbf59dc8.noarch.rpm
rubygem-bundler-2.2.24-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-io-console-0.5.6-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
rubygem-irb-1.2.6-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-json-2.3.0-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
rubygem-minitest-5.13.0-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-mongo-2.11.3-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-mongo-doc-2.11.3-1.module+el8.3.0+7760+537395ec.noarch.rpm
rubygem-mysql2-0.5.3-1.module+el8.4.0+20239+cbf59dc8.aarch64.rpm
rubygem-mysql2-doc-0.5.3-1.module+el8.4.0+20239+cbf59dc8.noarch.rpm
rubygem-net-telnet-0.2.0-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-openssl-2.1.4-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
rubygem-pg-1.2.3-1.module+el8.4.0+20239+cbf59dc8.aarch64.rpm
rubygem-pg-doc-1.2.3-1.module+el8.4.0+20239+cbf59dc8.noarch.rpm
rubygem-power_assert-1.1.7-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-psych-3.1.0-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm
rubygem-rake-13.0.1-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-rdoc-6.2.1.1-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygems-3.1.6-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygems-devel-3.1.6-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-test-unit-3.3.4-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
rubygem-xmlrpc-0.3.0-139.module+el8.8.0+21111+2e34bf27.noarch.rpm
ruby-libs-2.7.8-139.module+el8.8.0+21111+2e34bf27.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-2.7.8-139.module+el8.8.0+21111+2e34bf27.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.4.0-1.module+el8.3.0+7760+537395ec.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-bson-4.8.1-1.module+el8.4.0+20239+cbf59dc8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mongo-2.11.3-1.module+el8.3.0+7760+537395ec.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.5.3-1.module+el8.4.0+20239+cbf59dc8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.2.3-1.module+el8.4.0+20239+cbf59dc8.src.rpm

Related CVEs:

CVE-2021-33621
CVE-2023-28755
CVE-2023-28756

Description of changes:

ruby
[2.7.8-139]
- Upgrade to Ruby 2.7.8.
Resolves: rhbz#2149262
- Fix HTTP response splitting in CGI.
Resolves: CVE-2021-33621
- Fix ReDoS vulnerability in URI.
Resolves: CVE-2023-28755
- Fix ReDoS vulnerability in Time.
Resolves: CVE-2023-28756

rubygem-abrt
[0.4.0-1]
- Update to abrt 0.4.0.
Resolves: rhbz#1842476

rubygem-bson
[4.8.1-1]
- Update to bson 4.8.1 by merging Fedora master branch (commit: 0741dbc)
Resolves: rhbz#1817135

rubygem-mongo
[2.11.3-1]
- Update to mongo 2.11.3 by merging Fedora master branch (commit: c3f83c2)
Resolves: rhbz#1817135

rubygem-mysql2
[0.5.3-2]
- Update by merging Fedora rawhide branch (commit: 81e2cc9)
- Fix Mysql2::Result test for Ruby 3.1.
- Remove gem_make.out and mkmf.log files from the binary RPM package.
- Fix test assertion for mariadb-connector-c.
Related: rhbz#2063772

[0.5.3-1]
- New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475)
Resolves: rhbz#1817135

[0.5.2-1]
- New upstream release 0.5.2 by merging Fedora master branch (commit: cc15309)
Resolves: rhbz#1672575

rubygem-pg
[1.2.3-1]
- Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26)
Resolves: rhbz#1817135