[CLSA-2026:1780998402] Fix CVE(s): CVE-2026-27820
Type: security
Severity: Critical
Release date: 2026-06-09 09:46:59 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in bundled zlib via Zlib::GzipReader#ungetc
  - debian/patches/CVE-2026-27820.patch: make the output-buffer expansion in zstream_buffer_ungets() unconditional via zstream_expand_buffer_into(z, len) instead of only growing when the buffer was already full. An ungetc payload larger than the remaining capacity previously made the memmove() calls write past the allocation, corrupting the heap. Adapted byte-identically from upstream ruby/zlib@608d2be6; the regression test test_ungetc_buffer_underflow is added to test/zlib/test_zlib.rb.
  - CVE-2026-27820
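
The growth-check pattern described above, as an added example (a simplified model, not the Ruby zlib source or the patch itself). The struct, the function names and the grow-by-n amount in the "before" logic are assumptions made for illustration; the "before" function only computes the overrun and never performs it.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model (not Ruby's zstream): `len` bytes used out of `cap`. */
struct outbuf { unsigned char *data; size_t len, cap; };

/* "Before" pattern: capacity grows only when the buffer is already full.
 * Returns how many bytes the two copies would write past the allocation
 * (0 = in bounds). It only computes the overrun; it never performs it. */
size_t unget_before_overrun(size_t len, size_t cap, size_t n)
{
    if (len >= cap)
        cap += n;                       /* assumed growth amount */
    return (len + n > cap) ? len + n - cap : 0;
}

/* "After" pattern: always make room for n more bytes before moving data. */
int unget_after(struct outbuf *b, const unsigned char *src, size_t n)
{
    if (b->cap - b->len < n) {          /* checked on every call */
        size_t ncap = b->len + n;
        unsigned char *p;
        if (ncap < n || !(p = realloc(b->data, ncap)))
            return -1;                  /* size_t wrap or out of memory */
        b->data = p;
        b->cap = ncap;
    }
    memmove(b->data + n, b->data, b->len);  /* shift existing bytes right */
    memcpy(b->data, src, n);                /* pushed-back bytes go in front */
    b->len += n;
    return 0;
}

/* Constructed case: 5 of 8 bytes used, then 6 bytes pushed back.
 * Returns the resulting length if the contents are right, 0 otherwise. */
size_t demo_after(void)
{
    struct outbuf b = { malloc(8), 5, 8 };
    size_t got = 0;
    if (!b.data) return 0;
    memcpy(b.data, "WORLD", 5);
    if (unget_after(&b, (const unsigned char *)"HELLO ", 6) == 0 &&
        memcmp(b.data, "HELLO WORLD", 11) == 0)
        got = b.len;
    free(b.data);
    return got;
}

int main(void) { return demo_after() == 11 ? 0 : 1; }
```

With 5 of 8 bytes in use, a 6-byte push-back passes the "already full" test without growing and would land 3 bytes past the allocation; the unconditional check resizes first.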
CVEs fixed: CVE-2026-27820
Updated packages:
  • alt-ruby27_2.7.8-5_amd64.deb
    sha:495fec5a5ca62fbf3de95c1fdcdfc827d250018e
  • alt-ruby27-default-gems_2.7.8-5_amd64.deb
    sha:7e77b2babce111ddcded67fb8b9c02bd96792906
  • alt-ruby27-devel_2.7.8-5_amd64.deb
    sha:0fb5aa3e8a3d4945b1854319de1fe8d607fa9f9c
  • alt-ruby27-doc_2.7.8-5_amd64.deb
    sha:b44b66c91d7ff286e332d46be9894a7d25269a4c
  • alt-ruby27-libs_2.7.8-5_amd64.deb
    sha:7bac2eca6598a6217544ff6248628076ca4247ec
  • alt-ruby27-rubygem-bigdecimal_2.0.0-5_amd64.deb
    sha:9821b0d6cbd783abe4a8b6909931255641037b57
  • alt-ruby27-rubygem-bundler_2.2.24-5_amd64.deb
    sha:e9dc73cee4bbb70f666993d1d99ec0dace14a5c2
  • alt-ruby27-rubygem-io-console_0.5.6-5_amd64.deb
    sha:2386bb85f5c9b606f887db2bd66f4d9ec34a9c8a
  • alt-ruby27-rubygem-irb_1.2.6-5_amd64.deb
    sha:c1c30659476ff00f31ad6aa29dc2271b4c36c984
  • alt-ruby27-rubygem-json_2.3.0-5_amd64.deb
    sha:32293fd08b0c365ad49ad6938fcb6ece59971442
  • alt-ruby27-rubygem-minitest_5.13.0-5_amd64.deb
    sha:15b1bd4f320c04ccb75b583b6dc38a9790acdd3e
  • alt-ruby27-rubygem-net-telnet_0.2.0-5_amd64.deb
    sha:b97a109e0e6620e7de325ae7b7ca55b85e1f5e3e
  • alt-ruby27-rubygem-power-assert_1.1.7-5_amd64.deb
    sha:858deba62107d2d5269dc1bd46f59f23335c50e3
  • alt-ruby27-rubygem-psych_3.1.0-5_amd64.deb
    sha:ae299f537952b6710d9b2a3cbaa8bdc862d8a21f
  • alt-ruby27-rubygem-rake_13.0.1-5_amd64.deb
    sha:be4bdeef6532b93d519d7b6eea767a62359fcfe5
  • alt-ruby27-rubygem-rdoc_6.2.1.1-5_amd64.deb
    sha:056fe22594cdc3ac21de1b941ee1325f471cd9d5
  • alt-ruby27-rubygem-test-unit_3.3.4-5_amd64.deb
    sha:4b8d9eda98f248b9ee20beeaa3b00153428dbf97
  • alt-ruby27-rubygem-typeprof_2.7.8-5_amd64.deb
    sha:58d88c0b72a532f345d197ea5d8e255a574baf16
  • alt-ruby27-rubygem-xmlrpc_0.3.0-5_amd64.deb
    sha:4cdb0d791e86e8a8a335460018804ed771552d54
  • alt-ruby27-rubygems_3.1.6-5_amd64.deb
    sha:94e7555d19b794132969c210f3053d1ba8625abf
  • alt-ruby27-rubygems-devel_3.1.6-5_amd64.deb
    sha:d26cbf01eb1eb3b782982fddca016ab3d1a7f49d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.