[CLSA-2026:1781167323] Fix CVE(s): CVE-2026-27820
Type:
security
Severity:
Critical
Release date:
2026-06-11 08:42:30 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in the bundled zlib extension via Zlib::GzipReader#ungetc - debian/patches/CVE-2026-27820.patch: in zstream_buffer_ungets() (ext/zlib/zlib.c) the output buffer was expanded only when it was already full (rb_str_capacity(z->buf) <= ZSTREAM_BUF_FILLED(z)), so a large ungetc payload memmove()'d and wrote past the allocation. Make the expansion unconditional via zstream_expand_buffer_into(z, len), which guarantees capacity for filled + len before the memmove. Also backports the upstream regression test test_ungetc_buffer_underflow. - CVE-2026-27820
CVEs fixed:
Updated packages:
  • alt-ruby30_3.0.7-173_amd64.deb
    sha:e59129def16e5232e811dacbbb3cd57c63533660
  • alt-ruby30-default-gems_3.0.7-173_amd64.deb
    sha:ccbcf83298c45cd75c25454e3819a03acf01e3e9
  • alt-ruby30-devel_3.0.7-173_amd64.deb
    sha:747f4d1bac6609f0d438a3b84cc93c140df9aec4
  • alt-ruby30-doc_3.0.7-173_amd64.deb
    sha:9a33ca0e82cb8689459ca144e1490ee4b58206c2
  • alt-ruby30-libs_3.0.7-173_amd64.deb
    sha:80811772000622cefd9a2102e75be14f6ba99d34
  • alt-ruby30-rubygem-bigdecimal_3.0.0-173_amd64.deb
    sha:009560fd14232cdd49944004c18b7e610821eea0
  • alt-ruby30-rubygem-bundler_2.2.33-173_amd64.deb
    sha:706288a6ed694a2d271aaec6e421c48ae108d221
  • alt-ruby30-rubygem-io-console_0.5.7-173_amd64.deb
    sha:492ac7706a81e9063371fd47acb0913e9ab9bccf
  • alt-ruby30-rubygem-irb_1.3.5-173_amd64.deb
    sha:213244109c5cf5d9be84bad07eb209c3bdff9a21
  • alt-ruby30-rubygem-json_2.5.1-173_amd64.deb
    sha:423b5ea563a3d6072280735a7176803eb1a51399
  • alt-ruby30-rubygem-minitest_5.14.2-173_amd64.deb
    sha:1f370b1e1d917d1077f22f8249e36a24f35ba3c1
  • alt-ruby30-rubygem-power-assert_1.2.1-173_amd64.deb
    sha:137f06d8b30091b880218fdbc2dbf73c6f677ac3
  • alt-ruby30-rubygem-psych_3.3.2-173_amd64.deb
    sha:2ecb80294c4140e9157934703857cc9cb1a80a68
  • alt-ruby30-rubygem-rake_13.0.3-173_amd64.deb
    sha:eca29b1933622a58ea4415c7f2e4ea72700667c2
  • alt-ruby30-rubygem-rbs_1.4.0-173_amd64.deb
    sha:acfca0af9592fdd44d90616ef4b31b111ee79ac7
  • alt-ruby30-rubygem-rdoc_6.3.4.1-173_amd64.deb
    sha:4aa249b42e775e7b64b234546496c7c2d247240b
  • alt-ruby30-rubygem-rexml_3.2.5-173_amd64.deb
    sha:4c38232f968e0d4d075955b09d237fd3009e5866
  • alt-ruby30-rubygem-rss_0.2.9-173_amd64.deb
    sha:62f60f8d045e37c6fc24205fef0108b7621d6c19
  • alt-ruby30-rubygem-test-unit_3.3.7-173_amd64.deb
    sha:dca9471f6162b0c862c628cc219cd464d64d82fa
  • alt-ruby30-rubygem-typeprof_0.15.2-173_amd64.deb
    sha:9b3a2fcf506ae655c6274c36193ef470f62499de
  • alt-ruby30-rubygems_3.2.33-173_amd64.deb
    sha:ee6c0ba238d9de2915051f43b98dd5dec439a626
  • alt-ruby30-rubygems-devel_3.2.33-173_amd64.deb
    sha:9113684b0bdc2a0aa0fc09914ccd009fbaa19e3a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.