[CLSA-2026:1780919096] Fix CVE(s): CVE-2024-35176, CVE-2024-39908
Type:
security
Severity:
Moderate
Release date:
2026-06-08 11:46:59 UTC
Description:
* SECURITY UPDATE: REXML DoS via many '<' or '>' characters in an attribute value
  - debian/patches/CVE-2024-35176.patch: in parse_attributes, when the outer @source.match stops at a '>' inside a quoted attribute value, read forward to the actual closing quote in a single chunk instead of looping one '>' at a time, so the per-attribute outer loop is O(1) iterations rather than O(n). Also extend IOSource#match to always re-try the regex after read() returns false at EOF so the final partially-filled buffer is still matched.
  - CVE-2024-35176
* SECURITY UPDATE: REXML ReDoS via repeated zeros in a character reference
  - debian/patches/CVE-2024-39908.patch: rewrite REXML::Text.check to iterate over '<' and '&' sentinels with String#index and validate each entity / character reference explicitly, instead of string.scan() with the NEEDS_A_SECOND_CHECK regex whose '&#0*' branch caused O(n^2) backtracking on inputs with many leading zeros. The remaining CVE-2024-39908 subvariants (repeated '>' inside
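The sentinel-scanning approach described for CVE-2024-39908 above, sketched as an added Ruby example; it is not the code from debian/patches/CVE-2024-39908.patch or from REXML. The names check_text, valid_char_ref?, xml_char?, NAME and MAX_REF_DIGITS are hypothetical, entity names are simplified to ASCII, and the sample inputs in the comments are constructed.

```ruby
# Added illustration; NOT the code from debian/patches/CVE-2024-39908.patch.
# All names here are hypothetical. Entity names are simplified to ASCII.
NAME = /\A[A-Za-z_:][A-Za-z0-9_:.\-]*\z/
MAX_REF_DIGITS = 7 # 0x10FFFF is 1114111: at most 7 significant digits

# True if +cp+ is a code point allowed by the XML 1.0 Char production.
def xml_char?(cp)
  cp == 0x9 || cp == 0xA || cp == 0xD ||
    (0x20..0xD7FF).cover?(cp) || (0xE000..0xFFFD).cover?(cp) ||
    (0x10000..0x10FFFF).cover?(cp)
end

# Validates the body of "&#...;" (e.g. "#65" or "#x41") with anchored,
# single-class regexes only, so a long run of zeros cannot cause backtracking.
def valid_char_ref?(body)
  hex = body.start_with?("#x")
  digits = body[(hex ? 2 : 1)..]
  return false unless digits.match?(hex ? /\A[0-9A-Fa-f]+\z/ : /\A[0-9]+\z/)
  first = digits.index(/[^0]/)           # skip leading zeros in one pass
  return false if first.nil?             # all zeros: U+0000 is not an XML Char
  significant = digits[first..]
  return false if significant.length > MAX_REF_DIGITS # avoid bignum parsing
  xml_char?(significant.to_i(hex ? 16 : 10))
end

# Returns nil when +string+ is acceptable text content, else an error message.
def check_text(string)
  pos = 0
  while (i = string.index(/[<&]/, pos))  # jump straight to the next sentinel
    return "illegal '<' at offset #{i}" if string[i] == "<"
    semi = string.index(";", i + 1)
    return "unterminated reference at offset #{i}" if semi.nil?
    body = string[(i + 1)...semi]
    ok = body.start_with?("#") ? valid_char_ref?(body) : body.match?(NAME)
    return "invalid reference &#{body}; at offset #{i}" unless ok
    pos = semi + 1                       # consumed input is never rescanned
  end
  nil
end
```

The scan only moves forward, and the first malformed reference ends it, so the zero run in a character reference is read once rather than retried by a regex engine.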
Updated packages:
  • alt-ruby30_3.0.7-172_amd64.deb
    sha:38538b77f74c519a66a04ca88e405ba274617f99
  • alt-ruby30-default-gems_3.0.7-172_amd64.deb
    sha:9cae8cbad202ab91fb38a917ae3cc39ad80e8ff3
  • alt-ruby30-devel_3.0.7-172_amd64.deb
    sha:96142d6e49d6d0ed8ea415a75e49d3ebeed28f6e
  • alt-ruby30-doc_3.0.7-172_amd64.deb
    sha:253555f0e23ed7a26c19d6425df78ce4c42664e1
  • alt-ruby30-libs_3.0.7-172_amd64.deb
    sha:1c39dadfe76fb7718492f0dac739d5dda7dffd70
  • alt-ruby30-rubygem-bigdecimal_3.0.0-172_amd64.deb
    sha:a28de5cb9313f206a8220c6901a5b2ddab54e94e
  • alt-ruby30-rubygem-bundler_2.2.33-172_amd64.deb
    sha:d034cec73ddc6d91d99576e8d5c13489688cb8fe
  • alt-ruby30-rubygem-io-console_0.5.7-172_amd64.deb
    sha:5b85ff2128ef26eae54e4a5f5bada2506c68d04b
  • alt-ruby30-rubygem-irb_1.3.5-172_amd64.deb
    sha:f82e027cbdbf20d53958db151e32fc3d698d68ee
  • alt-ruby30-rubygem-json_2.5.1-172_amd64.deb
    sha:267de2ce7685737bbd261502da55a1f4538b008a
  • alt-ruby30-rubygem-minitest_5.14.2-172_amd64.deb
    sha:f45f85cf363128ba0aa787de8a934d164d76009a
  • alt-ruby30-rubygem-power-assert_1.2.1-172_amd64.deb
    sha:beae404431b136d0a4ea569c23b1e36c28d81151
  • alt-ruby30-rubygem-psych_3.3.2-172_amd64.deb
    sha:d4939211b7c6a9844509fdf0bf56ba7fcd49b263
  • alt-ruby30-rubygem-rake_13.0.3-172_amd64.deb
    sha:36e8f9cbd9fc0f05cc998133bcafef6e6900ddc2
  • alt-ruby30-rubygem-rbs_1.4.0-172_amd64.deb
    sha:b92678b7eb0767f4d63c0166bd114c2d85ec0f1a
  • alt-ruby30-rubygem-rdoc_6.3.4.1-172_amd64.deb
    sha:a15c7ca9ca2d243953ef7e2e486f07cb5f468690
  • alt-ruby30-rubygem-rexml_3.2.5-172_amd64.deb
    sha:c8b3c03b03efd8fdd52b97118362b1e1727080a6
  • alt-ruby30-rubygem-rss_0.2.9-172_amd64.deb
    sha:9cf2d2c581771feaf8c6b79c89dc977f5e684d8f
  • alt-ruby30-rubygem-test-unit_3.3.7-172_amd64.deb
    sha:b458ff7f94c84094511cfcc136878e6d7d5dfcd4
  • alt-ruby30-rubygem-typeprof_0.15.2-172_amd64.deb
    sha:0ad092fd665622fea76b473e52c99fe1d72d65cf
  • alt-ruby30-rubygems_3.2.33-172_amd64.deb
    sha:c3424f39699e13f732dded534386fd30233c6b1f
  • alt-ruby30-rubygems-devel_3.2.33-172_amd64.deb
    sha:d193fa0bf888b84b070ed3c85a6a830f4a974a54
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.