Release date:
2026-06-08 12:59:59 UTC
Description:
* SECURITY UPDATE: REXML DoS via many '<' or '>' characters in an attribute value
  - debian/patches/CVE-2024-35176.patch: in parse_attributes, when the
    outer @source.match stops at a '>' inside a quoted attribute value,
    read forward to the actual closing quote in a single chunk instead
    of looping one '>' at a time, so the per-attribute outer loop is
    O(1) iterations rather than O(n). Also extend IOSource#match to
    always re-try the regex after read() returns false at EOF so the
    final partially-filled buffer is still matched.
  - CVE-2024-35176
* SECURITY UPDATE: REXML ReDoS via repeated zeros in a character reference
  - debian/patches/CVE-2024-39908.patch: rewrite REXML::Text.check to
    iterate over '<' and '&' sentinels with String#index and validate
    each entity / character reference explicitly, instead of
    string.scan() with the NEEDS_A_SECOND_CHECK regex whose '*'
    branch caused O(n^2) backtracking on inputs with many leading
    zeros. The remaining CVE-2024-39908 subvariants (repeated '>'
    inside
Updated packages:
-
alt-ruby30_3.0.7-172_amd64.deb
sha:832cdb7729a33e629165ab58c06a463aa11e535d
-
alt-ruby30-default-gems_3.0.7-172_amd64.deb
sha:3c63c826dc45251bb3c1150192e1670103d20cf5
-
alt-ruby30-devel_3.0.7-172_amd64.deb
sha:71f61f891573d93e4ce4688c6042ff212368e50b
-
alt-ruby30-doc_3.0.7-172_amd64.deb
sha:3c0192d4dd1f4a83baa7a750287266eac218d067
-
alt-ruby30-libs_3.0.7-172_amd64.deb
sha:0f2ffc379ad49236e50815db3bc1c8ecf04f1a98
-
alt-ruby30-rubygem-bigdecimal_3.0.0-172_amd64.deb
sha:6139b0017ff2b71f7552631b354eea46c7d69445
-
alt-ruby30-rubygem-bundler_2.2.33-172_amd64.deb
sha:4909f7981b5e37417bfb80ebcde5b3bd0ca8213f
-
alt-ruby30-rubygem-io-console_0.5.7-172_amd64.deb
sha:0d11dc6abe2f4b6615e237e060aff25ffadea154
-
alt-ruby30-rubygem-irb_1.3.5-172_amd64.deb
sha:3cddb8ae3af45494f89a308a4e90a2fa4241e376
-
alt-ruby30-rubygem-json_2.5.1-172_amd64.deb
sha:1081805fe6a182abee5f56608c74913e636a805b
-
alt-ruby30-rubygem-minitest_5.14.2-172_amd64.deb
sha:3b128e6bcdc205e47a6c2a9f632242bc2c6d63bf
-
alt-ruby30-rubygem-power-assert_1.2.1-172_amd64.deb
sha:315c22f1a12421c003e5d8048624c7a218b37c73
-
alt-ruby30-rubygem-psych_3.3.2-172_amd64.deb
sha:b99bc9aab9b251b6baf866d07d981f0eea91bc30
-
alt-ruby30-rubygem-rake_13.0.3-172_amd64.deb
sha:b9546ab6f3c6cf81681c0cd895fb5406d7830c95
-
alt-ruby30-rubygem-rbs_1.4.0-172_amd64.deb
sha:b8a30083fea4d408851f0ab7727201ae0d026367
-
alt-ruby30-rubygem-rdoc_6.3.4.1-172_amd64.deb
sha:2d1dde483ed45c098da543080d7cd1d28f10cdae
-
alt-ruby30-rubygem-rexml_3.2.5-172_amd64.deb
sha:44eb06c601ae197676bbfa518f5db35801440671
-
alt-ruby30-rubygem-rss_0.2.9-172_amd64.deb
sha:6e82f8fb241fe578d15e8f117f01ef06fc7c8e25
-
alt-ruby30-rubygem-test-unit_3.3.7-172_amd64.deb
sha:1034852a00d1510367aa8e6137d6e4a15e9702c2
-
alt-ruby30-rubygem-typeprof_0.15.2-172_amd64.deb
sha:6fb4ee68d270dac8b9ac6c82a7914a68b0640441
-
alt-ruby30-rubygems_3.2.33-172_amd64.deb
sha:c3a25b5addb391d1603675e50b6e2d33577908ac
-
alt-ruby30-rubygems-devel_3.2.33-172_amd64.deb
sha:4d015687df6567432d48ebc59853c3727d208a89
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.