| Summary: | ruby new security issues CVE-2024-2728[0-2] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs, tarazed25 |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | ruby-3.1.4-44.mga9.src.rpm | CVE: | CVE-2024-27280, CVE-2024-27281, CVE-2024-27282 |
| Status comment: | |||
| Attachments: | fibonacci series demo script; Fibonacci demo script; plain text version of fibonacci test | ||
|
Description
Nicolas Salguero
2024-04-24 14:47:34 CEST
Nicolas Salguero
2024-04-24 14:48:06 CEST
Whiteboard: (none) => MGA9TOO

Looks right for you, Pascal. Just a version update.

Assignee: bugsquad => pterjan

ruby-3.1.5 is in cauldron and being uploaded to 9/updates_testing

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Buffer overread vulnerability in StringIO. (CVE-2024-27280)

RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281)

Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282)

References:
https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/
========================

Updated packages in core/updates_testing:
========================
lib(64)ruby3.1-3.1.5-45.mga9
ruby-3.1.5-45.mga9
ruby-RubyGems-3.3.26-45.mga9
ruby-bigdecimal-3.1.1-45.mga9
ruby-bundled-gems-3.1.5-45.mga9
ruby-bundler-2.3.27-45.mga9
ruby-devel-3.1.5-45.mga9
ruby-doc-3.1.5-45.mga9
ruby-io-console-0.5.11-45.mga9
ruby-irb-3.1.5-45.mga9
ruby-json-2.6.1-45.mga9
ruby-power_assert-2.0.1-45.mga9
ruby-psych-4.0.4-45.mga9
ruby-rake-13.0.6-45.mga9
ruby-rbs-2.7.0-45.mga9
ruby-rdoc-6.4.1.1-45.mga9
ruby-rexml-3.2.5-45.mga9
ruby-rss-0.2.9-45.mga9
ruby-test-unit-3.5.3-45.mga9
ruby-typeprof-0.21.3-45.mga9

from SRPM:
ruby-3.1.5-45.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
katnatek
2024-05-02 20:13:33 CEST
Keywords: (none) => advisory

Created attachment 14526 [details]
fibonacci series demo script
Not interactive - just run it.

CC: (none) => tarazed25

Created attachment 14527 [details]
Fibonacci demo script
Not interactive - just run it
Created attachment 14528 [details]
plain text version of fibonacci test
$ ruby fibonacci.rb
Mageia9, x64
Been using ruby for local utilities without issue for years.
The packages updated cleanly.
Managed to start puppet but there is nothing for it to work with.
$ sudo systemctl start puppet
$ sudo systemctl status puppet
● puppet.service - Puppet agent
Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; preset: disabled)
Active: active (running) since Sat 2024-05-04 21:05:46 BST; 32min ago
Main PID: 2873650 (puppet)
Tasks: 1 (limit: 37990)
Memory: 55.1M
CPU: 713ms
CGroup: /system.slice/puppet.service
└─2873650 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize
May 04 21:33:47 yildun puppet-agent[2873650]: Failed to open TCP connection to puppet:8140 (getaddrinfo:>
May 04 21:33:47 yildun puppet-agent[2873650]: No more routes to ca
May 04 21:35:47 yildun puppet-agent[2873650]: Connection to https://puppet:8140/puppet-ca/v1 failed, try>
May 04 21:35:47 yildun puppet-agent[2873650]: Wrapped exception:
May 04 21:35:47 yildun puppet-agent[2873650]: Failed to open TCP connection to puppet:8140 (getaddrinfo:>
May 04 21:35:47 yildun puppet-agent[2873650]: No more routes to ca
May 04 21:37:47 yildun puppet-agent[2873650]: Connection to https://puppet:8140/puppet-ca/v1 failed, try>
May 04 21:37:47 yildun puppet-agent[2873650]: Wrapped exception:
May 04 21:37:47 yildun puppet-agent[2873650]: Failed to open TCP connection to puppet:8140 (getaddrinfo:>
May 04 21:37:47 yildun puppet-agent[2873650]: No more routes to ca
$ puppet --version
7.12.1
Ran attached script to deal with numbers from the Fibonacci series.
$ ruby fibonacci.rb
<
Using recursion to calculate Fibonacci numbers 11 and 29
89
514229
Do not run anything larger than 39 or you may be here all day!
The Golden Ratio is 1.618033988749895
Term 43 of Fibonacci sequence is 433494437
Any term beyond 70 is difficult to represent exactly.
>
Tried out the REPL = interactive function
$ irb
irb(main):002:0> e = Math::E
=> 2.718281828459045
irb(main):003:0> i = Complex::I
=> (0+1i)
irb(main):004:0> puts "Euler's number is "+e.to_s
Euler's number is 2.718281828459045
=> nil
irb(main):005:0> z = 7**7
=> 823543
irb(main):006:0> bignumber = 7**z
irb(main):007:0* #puts "Big number is "+bignumber.to_s
irb(main):008:0> puts "Big number is 7^(7^7)"
Big number is 7^(7^7)
=> nil
irb(main):009:0> puts "Number of digits in big number is #{bignumber.to_s.length}"
Number of digits in big number is 695975
=> nil
irb(main):010:0> puts sprintf( "π to 20 places is %22.20f\n", π )
π to 20 places is 3.14159265358979311600
=> nil
irb(main):011:0> exponent = π * i
=> (0.0+3.141592653589793i)
irb(main):012:0> euleridentity = e**exponent + 1
irb(main):013:0> puts "The Euler identity: e^πi + 1 = #{euleridentity}"
The Euler identity: e^πi + 1 = 0.0+0.0i
=> nil
irb(main):014:0> quit
$ gem list
*** LOCAL GEMS ***
abbrev (default: 0.1.0)
addressable (2.8.1)
afm (0.2.2)
array_include_methods (1.4.0)
Ascii85 (1.1.0)
astro_moon (0.2)
....
$ sudo gem install nokogiri
Fetching nokogiri-1.16.4-x86_64-linux.gem
Successfully installed nokogiri-1.16.4-x86_64-linux
Parsing documentation for nokogiri-1.16.4-x86_64-linux
Installing ri documentation for nokogiri-1.16.4-x86_64-linux
Done installing documentation for nokogiri after 0 seconds
1 gem installed
Looks OK.

Whiteboard: (none) => MGA9-64-OK
katnatek
2024-05-05 00:15:24 CEST
CC: (none) => andrewsfarm

Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0160.html

Status: ASSIGNED => RESOLVED |