Version 3.1.5 fixes those problems: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/ Mageia 9 is also affected.
Whiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 3.1.5CVE: (none) => CVE-2024-27280, CVE-2024-27281, CVE-2024-27282Source RPM: (none) => ruby-3.1.4-44.mga9.src.rpm
Looks right for you, Pascal. Just a version update.
Assignee: bugsquad => pterjan
ruby-3.1.5 is in cauldron and being uploaded to 9/updates_testing
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Buffer overread vulnerability in StringIO. (CVE-2024-27280) RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) References: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/ ======================== Updated packages in core/updates_testing: ======================== lib(64)ruby3.1-3.1.5-45.mga9 ruby-3.1.5-45.mga9 ruby-RubyGems-3.3.26-45.mga9 ruby-bigdecimal-3.1.1-45.mga9 ruby-bundled-gems-3.1.5-45.mga9 ruby-bundler-2.3.27-45.mga9 ruby-devel-3.1.5-45.mga9 ruby-doc-3.1.5-45.mga9 ruby-io-console-0.5.11-45.mga9 ruby-irb-3.1.5-45.mga9 ruby-json-2.6.1-45.mga9 ruby-power_assert-2.0.1-45.mga9 ruby-psych-4.0.4-45.mga9 ruby-rake-13.0.6-45.mga9 ruby-rbs-2.7.0-45.mga9 ruby-rdoc-6.4.1.1-45.mga9 ruby-rexml-3.2.5-45.mga9 ruby-rss-0.2.9-45.mga9 ruby-test-unit-3.5.3-45.mga9 ruby-typeprof-0.21.3-45.mga9 from SRPM: ruby-3.1.5-45.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Version: Cauldron => 9Status: NEW => ASSIGNEDAssignee: pterjan => qa-bugsStatus comment: Fixed upstream in 3.1.5 => (none)
Keywords: (none) => advisory
Created attachment 14526 [details] fibonacci series demo script Not interactive - just run it.
CC: (none) => tarazed25
Created attachment 14527 [details] Fibonacci demo script Not interactive - just run it
Created attachment 14528 [details] plain text version of fibonacci test $ ruby fibonacci.rb
Mageia9, x64 Been using ruby for local utilities without issue for years. The packages updated cleanly. Managed to start puppet but there is nothing for it to work with. $ sudo systemctl start puppet $ sudo systemctl status puppet ● puppet.service - Puppet agent Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; preset: disabled) Active: active (running) since Sat 2024-05-04 21:05:46 BST; 32min ago Main PID: 2873650 (puppet) Tasks: 1 (limit: 37990) Memory: 55.1M CPU: 713ms CGroup: /system.slice/puppet.service └─2873650 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize May 04 21:33:47 yildun puppet-agent[2873650]: Failed to open TCP connection to puppet:8140 (getaddrinfo:> May 04 21:33:47 yildun puppet-agent[2873650]: No more routes to ca May 04 21:35:47 yildun puppet-agent[2873650]: Connection to https://puppet:8140/puppet-ca/v1 failed, try> May 04 21:35:47 yildun puppet-agent[2873650]: Wrapped exception: May 04 21:35:47 yildun puppet-agent[2873650]: Failed to open TCP connection to puppet:8140 (getaddrinfo:> May 04 21:35:47 yildun puppet-agent[2873650]: No more routes to ca May 04 21:37:47 yildun puppet-agent[2873650]: Connection to https://puppet:8140/puppet-ca/v1 failed, try> May 04 21:37:47 yildun puppet-agent[2873650]: Wrapped exception: May 04 21:37:47 yildun puppet-agent[2873650]: Failed to open TCP connection to puppet:8140 (getaddrinfo:> May 04 21:37:47 yildun puppet-agent[2873650]: No more routes to ca $ puppet --version 7.12.1 Ran attached script to deal with numbers from the Fibonacci series. $ ruby fibonacci.rb < Using recursion to calculate Fibonacci numbers 11 and 29 89 514229 Do not run anything larger than 39 or you may be here all day! The Golden Ratio is 1.618033988749895 Term 43 of Fibonacci sequence is 433494437 Any term beyond 70 is difficult to represent exactly. > Tried out the REPL = interactive function $ irb irb(main):002:0> e = Math::E => 2.718281828459045 irb(main):003:0> i = Complex::I => (0+1i) irb(main):004:0> puts "Euler's number is "+e.to_s Euler's number is 2.718281828459045 => nil irb(main):005:0> z = 7**7 => 823543 irb(main):006:0> bignumber = 7**z irb(main):007:0* #puts "Big number is "+bignumber.to_s irb(main):008:0> puts "Big number is 7^(7^7)" Big number is 7^(7^7) => nil irb(main):009:0> puts "Number of digits in big number is #{bignumber.to_s.length}" Number of digits in big number is 695975 => nil irb(main):010:0> puts sprintf( "π to 20 places is %22.20f\n", π ) π to 20 places is 3.14159265358979311600 => nil irb(main):011:0> exponent = π * i => (0.0+3.141592653589793i) irb(main):012:0> euleridentity = e**exponent + 1 irb(main):013:0> puts "The Euler identity: e^πi + 1 = #{euleridentity}" The Euler identity: e^πi + 1 = 0.0+0.0i => nil irb(main):014:0> quit $ gem list *** LOCAL GEMS *** abbrev (default: 0.1.0) addressable (2.8.1) afm (0.2.2) array_include_methods (1.4.0) Ascii85 (1.1.0) astro_moon (0.2) .... $ sudo gem install nokogiri Fetching nokogiri-1.16.4-x86_64-linux.gem Successfully installed nokogiri-1.16.4-x86_64-linux Parsing documentation for nokogiri-1.16.4-x86_64-linux Installing ri documentation for nokogiri-1.16.4-x86_64-linux Done installing documentation for nokogiri after 0 seconds 1 gem installed Looks OK.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0160.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED