ELSA-2022-6447 -- Oracle ruby
ID: oval:org.secpod.oval:def:1506005 | Date: (C)2022-09-19 (M)2024-04-17
Class: PATCH | Family: unix
ruby [2.7.6-138]
- Upgrade to Ruby 2.7.6. Resolves: rhbz#2109424
- Fix FTBFS due to an incompatible load directive. Related: rhbz#2109424
- Fix a fiddle import test on an optimized glibc on Power 9. Related: rhbz#2109424
- Fix regular Expression Denial of Service Vulnerability of Date Parsing Methods. Resolves: CVE-2021-41817
- Fix cookie prefix spoofing in CGI::Cookie.parse. Resolves: CVE-2021-41819
- Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739