Release date:
2026-05-08 07:09:59 UTC
Description:
* SECURITY UPDATE: REXML ReDoS via leading-zero hex character reference
- debian/patches/CVE-2024-49761.patch: replace the
/&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/ regex in unnormalize() with
/&#((?:\d+)|(?:x[a-fA-F0-9]+));/ so that &#0x...; is no longer
accepted as a hex character reference, eliminating the
catastrophic-backtracking ReDoS on inputs with many leading
zeros.
- CVE-2024-49761
* SECURITY UPDATE: REXML DoS via deep same-local-name attributes
- debian/patches/CVE-2024-43398.patch: replace the per-attribute
tree-walk in Element#[]= with an O(1) parse-time conflict check
using a parser-level @namespaces hash and an expanded_names
hash keyed on [uri, local_part]; seed @namespaces with the
implicitly-bound xml prefix per upstream 78f8712 to avoid
breaking XHTML documents that use both xml:lang and lang.
- CVE-2024-43398
* SECURITY UPDATE: REXML DoS via entity expansion in SAX/pull parsers
- debian/patches/CVE-2024-41946.patch: route the SAX2Parser :text
handler through @parser.unnormalize (upstream prerequisite
4ebf21f), and add @entity_expansion_count + per-call
sum/Security.entity_expansion_text_limit accounting in
BaseParser so that billion-laughs-style XML triggers
"entity expansion has grown too large" / "number of entity
expansions exceeded" in SAX and pull mode, matching the
existing DOM behaviour.
- CVE-2024-41946
* SECURITY UPDATE: REXML DoS via slow processing-instruction parsing
- debian/patches/CVE-2024-41123.patch: rewrite process_instruction
to call parse_name and then match the content separately,
avoiding the catastrophic-backtracking INSTRUCTION_PATTERN
regex; grow the IOSource read buffer exponentially via
min_bytes so that source.match() is O(log n) attempts rather
than O(n) on inputs that never match the regex.
- CVE-2024-41123
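Added example (not part of the changelog or of REXML's code): a regression check for the CVE-2024-49761 entry above, comparing the pre-patch pattern /&#0*(...);/ with the post-patch pattern /&#(...);/. The helper `decode_char_refs`, its explicit base-10/base-16 conversion and the sample inputs are assumptions made for illustration.

```ruby
# Pre- and post-patch patterns from the CVE-2024-49761 changelog entry.
# In the old pattern both `0*` and `\d+` can consume the same run of zeros,
# which is the ambiguity the patch removes.
OLD_CHAR_REF = /&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/
NEW_CHAR_REF = /&#((?:\d+)|(?:x[a-fA-F0-9]+));/

# Hypothetical helper (not REXML's unnormalize): replace every numeric
# character reference matched by `pattern` with the character it names.
# The base is given explicitly so leading zeros are never read as octal.
def decode_char_refs(text, pattern)
  text.gsub(pattern) do
    ref = Regexp.last_match(1)
    code_point = ref.start_with?("x") ? Integer(ref[1..], 16) : Integer(ref, 10)
    [code_point].pack("U*")
  end
end

# Constructed sample inputs: decimal, hex, zero-padded decimal, and the
# malformed "&#0x...;" form the patched pattern stops accepting.
SAMPLES = ["&#65;", "&#x41;", "&#00065;", "&#0x41;"].freeze

# Returns { input => { old: decoded_with_old, new: decoded_with_new } }.
def compare_patterns(samples = SAMPLES)
  samples.to_h do |s|
    [s, { old: decode_char_refs(s, OLD_CHAR_REF),
          new: decode_char_refs(s, NEW_CHAR_REF) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_patterns.each do |input, r|
    puts format("%-10s old=%-10p new=%p", input, r[:old], r[:new])
  end
end
```

Valid references, including zero-padded decimal ones, decode identically under both patterns; only the malformed `&#0x41;` input changes from decoded to left as literal text.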
Updated packages:
-
alt-ruby30_3.0.7-171_amd64.deb
sha:adb0e85af84fab072200215871f9d37863e91847
-
alt-ruby30-default-gems_3.0.7-171_amd64.deb
sha:05b98fe73d50d4ab8f4e959f4ed8b7f7e14db96c
-
alt-ruby30-devel_3.0.7-171_amd64.deb
sha:36247becb936fb7e9a3bc58f43cbd901e5e97bcb
-
alt-ruby30-doc_3.0.7-171_amd64.deb
sha:8c97d776dee8e0b41bdf725eeafd04f146c9ef64
-
alt-ruby30-libs_3.0.7-171_amd64.deb
sha:2bb633a3a5ea48c55dfeaf4f141a156854c1a250
-
alt-ruby30-rubygem-bigdecimal_3.0.0-171_amd64.deb
sha:a76c1a275acad69d0f6e4bc49cbe8edd49f21da2
-
alt-ruby30-rubygem-bundler_2.2.33-171_amd64.deb
sha:e8aad0461cd3e7083fdf5b34a296ba7f2644c139
-
alt-ruby30-rubygem-io-console_0.5.7-171_amd64.deb
sha:d1c07f3c3d44b9934a82e34cc00763884f86b54b
-
alt-ruby30-rubygem-irb_1.3.5-171_amd64.deb
sha:f296889301a77163a936ed4a8e74c785331839f2
-
alt-ruby30-rubygem-json_2.5.1-171_amd64.deb
sha:53dcad7e7944d8505e8658ea71c77c5cf11158de
-
alt-ruby30-rubygem-minitest_5.14.2-171_amd64.deb
sha:3b77e26aea1b259e746efbb5a8b4a3019cb00d90
-
alt-ruby30-rubygem-power-assert_1.2.1-171_amd64.deb
sha:c95e66aecec6e5148473e5c809b6db68f4926497
-
alt-ruby30-rubygem-psych_3.3.2-171_amd64.deb
sha:e990391363ecd662e49baab96fdd22324e9c46cc
-
alt-ruby30-rubygem-rake_13.0.3-171_amd64.deb
sha:8c759c832613554c79196f84163523cd0131eca6
-
alt-ruby30-rubygem-rbs_1.4.0-171_amd64.deb
sha:2e8a6a32ba3fb8ac6e662a81cc889c3e385e6f38
-
alt-ruby30-rubygem-rdoc_6.3.4.1-171_amd64.deb
sha:973f6e5895c72cbc7c1e48dd94e37e1f149998b5
-
alt-ruby30-rubygem-rexml_3.2.5-171_amd64.deb
sha:c9ea22cf3be8a5a321e55a02c5077b7ee0ee9590
-
alt-ruby30-rubygem-rss_0.2.9-171_amd64.deb
sha:1818690f40f4c9f439d13ce52a3c2c5111bbf024
-
alt-ruby30-rubygem-test-unit_3.3.7-171_amd64.deb
sha:d3f0cf0310d7911d9e70b5fc8d35f232cdf63b96
-
alt-ruby30-rubygem-typeprof_0.15.2-171_amd64.deb
sha:b262b34b0db22f52cdc02dab3f0655cfdf6b5775
-
alt-ruby30-rubygems_3.2.33-171_amd64.deb
sha:2c58d42064b7c5093b6d0ff1c4888b4b956800bd
-
alt-ruby30-rubygems-devel_3.2.33-171_amd64.deb
sha:9c32fb9bbb53a57bfbf595ef2c552015910e6178
-
alt-ruby30_3.0.7-171_arm64.deb
sha:7a78ee493bf4f77f1f5649f68e0418e55e4571c5
-
alt-ruby30-default-gems_3.0.7-171_arm64.deb
sha:e5473173ab8f2819667807dd83c4db8bc4a00639
-
alt-ruby30-devel_3.0.7-171_arm64.deb
sha:f38127cb0501b7a730b3a7f1eba9ac9968607c59
-
alt-ruby30-doc_3.0.7-171_arm64.deb
sha:1d0c8ba434bdf5b7e470dcf4c936da131231c5dd
-
alt-ruby30-libs_3.0.7-171_arm64.deb
sha:099d6a69006a3487f927b942cb442460621dd3be
-
alt-ruby30-rubygem-bigdecimal_3.0.0-171_arm64.deb
sha:63c632d7a810f5b17772b74f8a61a01cd5297ba0
-
alt-ruby30-rubygem-bundler_2.2.33-171_arm64.deb
sha:9848ec941225468b21c631faac2594bca9a8ca6e
-
alt-ruby30-rubygem-io-console_0.5.7-171_arm64.deb
sha:8e39560de6f8e4f58887ebaefab9c4a0ce5ac6ea
-
alt-ruby30-rubygem-irb_1.3.5-171_arm64.deb
sha:e91d5fa4b8ba42e89e6adcadb92b74d2a30c1bf6
-
alt-ruby30-rubygem-json_2.5.1-171_arm64.deb
sha:096202e06505fe5f59a10779dd127bb6f5fbb445
-
alt-ruby30-rubygem-minitest_5.14.2-171_arm64.deb
sha:ab4e879c1bc95b45837f424aa3e5fb33fd5a2be0
-
alt-ruby30-rubygem-power-assert_1.2.1-171_arm64.deb
sha:aa4fe3d093c73a7f9902fdc4ea37b68735dc14d8
-
alt-ruby30-rubygem-psych_3.3.2-171_arm64.deb
sha:e7a08bdc7e2372a72c37516d8ef030438e715723
-
alt-ruby30-rubygem-rake_13.0.3-171_arm64.deb
sha:f62f5c8df40ec1e5ff5cc0d8cd91a5ba87e2abf0
-
alt-ruby30-rubygem-rbs_1.4.0-171_arm64.deb
sha:8257b263a6a6ae0ba11b72a9248c88de3078bd9c
-
alt-ruby30-rubygem-rdoc_6.3.4.1-171_arm64.deb
sha:cf16e6c30cf3fc06bff5f1a712b81b19934fe517
-
alt-ruby30-rubygem-rexml_3.2.5-171_arm64.deb
sha:5f0a0663958127328b7e5cce1871c25ebd3bd86f
-
alt-ruby30-rubygem-rss_0.2.9-171_arm64.deb
sha:dfd96556b64ebd2a6f8a94e11978bd3a027d36cb
-
alt-ruby30-rubygem-test-unit_3.3.7-171_arm64.deb
sha:b88528ab787a9417a17cfba39aa88f2f95dd7c4b
-
alt-ruby30-rubygem-typeprof_0.15.2-171_arm64.deb
sha:563b9c33c46de89653a80f04ead7aa1f492dfc7a
-
alt-ruby30-rubygems_3.2.33-171_arm64.deb
sha:6afb689decdf7679e3274eda8ab46db8e80bbbca
-
alt-ruby30-rubygems-devel_3.2.33-171_arm64.deb
sha:9fca40ef29a17195efaed75f4db6c2b6474b94f5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.