Release date:
2026-06-11 08:24:33 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in the bundled zlib extension via
Zlib::GzipReader#ungetc
- debian/patches/CVE-2026-27820.patch: in zstream_buffer_ungets()
(ext/zlib/zlib.c) the output buffer was expanded only when it was
already full (rb_str_capacity(z->buf) <= ZSTREAM_BUF_FILLED(z)), so a
large ungetc payload memmove()'d and wrote past the allocation. Make
the expansion unconditional via zstream_expand_buffer_into(z, len),
which guarantees capacity for filled + len before the memmove. Also
backports the upstream regression test test_ungetc_buffer_underflow.
- CVE-2026-27820
Updated packages:
-
alt-ruby30_3.0.7-173_amd64.deb
sha:5560e9cb330aad9746cc368ff16ff6f54060411a
-
alt-ruby30-default-gems_3.0.7-173_amd64.deb
sha:08daa913cda690e6d5afee6d8c49a29fce7c07e7
-
alt-ruby30-devel_3.0.7-173_amd64.deb
sha:bf4c9a97c60a9324dcc0c1e7ee83b0702c3bb1a8
-
alt-ruby30-doc_3.0.7-173_amd64.deb
sha:641eec750268fb026cf1d74c1a8514355cb3885c
-
alt-ruby30-libs_3.0.7-173_amd64.deb
sha:99591f6b1171b03024083d3f1fc48530d32de491
-
alt-ruby30-rubygem-bigdecimal_3.0.0-173_amd64.deb
sha:a993416737ed273a9aed760b7c4ba66ad3044922
-
alt-ruby30-rubygem-bundler_2.2.33-173_amd64.deb
sha:f5754c09db6cb740b612de7598ec7f6f2b0858c5
-
alt-ruby30-rubygem-io-console_0.5.7-173_amd64.deb
sha:f49e3109cd02ae48a4806a87558b324e83ca0b4f
-
alt-ruby30-rubygem-irb_1.3.5-173_amd64.deb
sha:f0fd1371df5cd63311fe6c5ae7d25d1ab75b37af
-
alt-ruby30-rubygem-json_2.5.1-173_amd64.deb
sha:c3af43eb176cb5c7ec4b95f9ff00a8059420628f
-
alt-ruby30-rubygem-minitest_5.14.2-173_amd64.deb
sha:f3e2652306749235c493d23fd8daf3aedc581e20
-
alt-ruby30-rubygem-power-assert_1.2.1-173_amd64.deb
sha:cb6df4878ab42bc743194a6c821d38d98d260407
-
alt-ruby30-rubygem-psych_3.3.2-173_amd64.deb
sha:25046dddcea906c8fa888c331025418560ce98f4
-
alt-ruby30-rubygem-rake_13.0.3-173_amd64.deb
sha:6a9432b044e7f500759485a5606dfef5cfd5b98a
-
alt-ruby30-rubygem-rbs_1.4.0-173_amd64.deb
sha:9f8ba30d90d8a4fed514e7d1ae020d812f0b1082
-
alt-ruby30-rubygem-rdoc_6.3.4.1-173_amd64.deb
sha:b06e0bf70cffa4a34b7e1abda32474e4e6f38a33
-
alt-ruby30-rubygem-rexml_3.2.5-173_amd64.deb
sha:f0643284b3d572af7751b6634e6d6e06bd6fc468
-
alt-ruby30-rubygem-rss_0.2.9-173_amd64.deb
sha:5425cef2544d5a23582e288f1abeb4292ebe9c40
-
alt-ruby30-rubygem-test-unit_3.3.7-173_amd64.deb
sha:0f3a0cc0a7e172ff85731c95bfd8a99c66523ea2
-
alt-ruby30-rubygem-typeprof_0.15.2-173_amd64.deb
sha:3ae3416aac3dcf9dd7de72e69213c0f7d426beb8
-
alt-ruby30-rubygems_3.2.33-173_amd64.deb
sha:0c2b279fdefa05575d48b54232e22153665c1e6d
-
alt-ruby30-rubygems-devel_3.2.33-173_amd64.deb
sha:e5219e59350cf7011e084618106fb650f5e77c63
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
