Release date:
2026-06-08 09:08:28 UTC
Description:
* SECURITY UPDATE: REXML DoS via many '<' or '>' characters in an attribute value
- debian/patches/CVE-2024-35176.patch: in parse_attributes, when the
outer @source.match stops at a '>' inside a quoted attribute value,
read forward to the actual closing quote in a single chunk instead
of looping one '>' at a time, so the per-attribute outer loop is
O(1) iterations rather than O(n). Also extend IOSource#match to
always re-try the regex after read() returns false at EOF so the
final partially-filled buffer is still matched.
- CVE-2024-35176
* SECURITY UPDATE: REXML ReDoS via repeated zeros in a character reference
- debian/patches/CVE-2024-39908.patch: rewrite REXML::Text.check to
iterate over '<' and '&' sentinels with String#index and validate
each entity / character reference explicitly, instead of
string.scan() with the NEEDS_A_SECOND_CHECK regex whose '�*'
branch caused O(n^2) backtracking on inputs with many leading
zeros. The remaining CVE-2024-39908 subvariants (repeated '>'
inside
Updated packages:
-
alt-ruby30_3.0.7-172_amd64.deb
sha:8afa79840e0fcfb2ad9a3d35214a1ebffe222650
-
alt-ruby30-default-gems_3.0.7-172_amd64.deb
sha:3c63c826dc45251bb3c1150192e1670103d20cf5
-
alt-ruby30-devel_3.0.7-172_amd64.deb
sha:a19a7c64358f26ddb5c5398ae60e105ff781591f
-
alt-ruby30-doc_3.0.7-172_amd64.deb
sha:3c0192d4dd1f4a83baa7a750287266eac218d067
-
alt-ruby30-libs_3.0.7-172_amd64.deb
sha:fbc5351b63f0443a3f6147d677c5b47d67d515cb
-
alt-ruby30-rubygem-bigdecimal_3.0.0-172_amd64.deb
sha:fefd07ef0244d41df96fbc30ab644a52090bcd16
-
alt-ruby30-rubygem-bundler_2.2.33-172_amd64.deb
sha:4909f7981b5e37417bfb80ebcde5b3bd0ca8213f
-
alt-ruby30-rubygem-io-console_0.5.7-172_amd64.deb
sha:9089dacf4d4e08cc9e8545b8c6e22e1411e63ee1
-
alt-ruby30-rubygem-irb_1.3.5-172_amd64.deb
sha:3cddb8ae3af45494f89a308a4e90a2fa4241e376
-
alt-ruby30-rubygem-json_2.5.1-172_amd64.deb
sha:c0d0a6d02fb4c4471c73f4e19c77709277e7353a
-
alt-ruby30-rubygem-minitest_5.14.2-172_amd64.deb
sha:3b128e6bcdc205e47a6c2a9f632242bc2c6d63bf
-
alt-ruby30-rubygem-power-assert_1.2.1-172_amd64.deb
sha:315c22f1a12421c003e5d8048624c7a218b37c73
-
alt-ruby30-rubygem-psych_3.3.2-172_amd64.deb
sha:6392a6babb6eeeee1f9e28639d5dfb2bba0abded
-
alt-ruby30-rubygem-rake_13.0.3-172_amd64.deb
sha:b9546ab6f3c6cf81681c0cd895fb5406d7830c95
-
alt-ruby30-rubygem-rbs_1.4.0-172_amd64.deb
sha:b8a30083fea4d408851f0ab7727201ae0d026367
-
alt-ruby30-rubygem-rdoc_6.3.4.1-172_amd64.deb
sha:2d1dde483ed45c098da543080d7cd1d28f10cdae
-
alt-ruby30-rubygem-rexml_3.2.5-172_amd64.deb
sha:44eb06c601ae197676bbfa518f5db35801440671
-
alt-ruby30-rubygem-rss_0.2.9-172_amd64.deb
sha:6e82f8fb241fe578d15e8f117f01ef06fc7c8e25
-
alt-ruby30-rubygem-test-unit_3.3.7-172_amd64.deb
sha:1034852a00d1510367aa8e6137d6e4a15e9702c2
-
alt-ruby30-rubygem-typeprof_0.15.2-172_amd64.deb
sha:6fb4ee68d270dac8b9ac6c82a7914a68b0640441
-
alt-ruby30-rubygems_3.2.33-172_amd64.deb
sha:c3a25b5addb391d1603675e50b6e2d33577908ac
-
alt-ruby30-rubygems-devel_3.2.33-172_amd64.deb
sha:4d015687df6567432d48ebc59853c3727d208a89
-
alt-ruby30_3.0.7-172_arm64.deb
sha:f22bb48ec8f8ac73736cc056da554fad3424bec2
-
alt-ruby30-default-gems_3.0.7-172_arm64.deb
sha:edf774ce5c4c128dba1f80b53bdc372c3b359b29
-
alt-ruby30-devel_3.0.7-172_arm64.deb
sha:5cb6dbbad0f08ef6484a9dd2a77a727991c8f3fd
-
alt-ruby30-doc_3.0.7-172_arm64.deb
sha:0487271b38bf70433d38abb8edcdc32027d8aa9f
-
alt-ruby30-libs_3.0.7-172_arm64.deb
sha:4a30ce5570c998c6cade007988162c10456f4d6c
-
alt-ruby30-rubygem-bigdecimal_3.0.0-172_arm64.deb
sha:dd6d1ff40ed3a4aeb5bb83e10c7dcebc66f1981b
-
alt-ruby30-rubygem-bundler_2.2.33-172_arm64.deb
sha:f0548004d994cd06d89a5b34dfc1957f5cbb831c
-
alt-ruby30-rubygem-io-console_0.5.7-172_arm64.deb
sha:d5534e731d5c494a0357754a67488a6585be62de
-
alt-ruby30-rubygem-irb_1.3.5-172_arm64.deb
sha:1ab07de4fe2fd722d797a6d478af05e43e0ed0f3
-
alt-ruby30-rubygem-json_2.5.1-172_arm64.deb
sha:49050aa2be53004adb7b72224f6e3445d70c5fe7
-
alt-ruby30-rubygem-minitest_5.14.2-172_arm64.deb
sha:0c4409e04e8e9c885f07d375bcf88ee5b24ea0ec
-
alt-ruby30-rubygem-power-assert_1.2.1-172_arm64.deb
sha:791c0216ea43cfd376b4e9a03f3e15f44ed080f1
-
alt-ruby30-rubygem-psych_3.3.2-172_arm64.deb
sha:fc2765b63c749c475eaa0c8417851c273f5c74d3
-
alt-ruby30-rubygem-rake_13.0.3-172_arm64.deb
sha:6a083d9d48c501d86b76d75775dab3727363e2aa
-
alt-ruby30-rubygem-rbs_1.4.0-172_arm64.deb
sha:09d3566f52f914cae35f048feedd6169838c42b2
-
alt-ruby30-rubygem-rdoc_6.3.4.1-172_arm64.deb
sha:bb2ddf49f1f5496451d725fc5ac44100531eccb9
-
alt-ruby30-rubygem-rexml_3.2.5-172_arm64.deb
sha:8c9c9327d2d3f224a9dda7822f36db90e9c7dc76
-
alt-ruby30-rubygem-rss_0.2.9-172_arm64.deb
sha:13c14afed62bb9bc315d40c8e9ff3540a711c350
-
alt-ruby30-rubygem-test-unit_3.3.7-172_arm64.deb
sha:47fde52fe0b48b43146d2ca6098ffb926629b040
-
alt-ruby30-rubygem-typeprof_0.15.2-172_arm64.deb
sha:206196df72a2a40d93981f23222dfe9f162c4128
-
alt-ruby30-rubygems_3.2.33-172_arm64.deb
sha:8bcba3daaad904f5d54fa3c09d860bd744ce8479
-
alt-ruby30-rubygems-devel_3.2.33-172_arm64.deb
sha:3ddf0e1156420c4bfaf4cf3f1f681f0985e82304
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
