Amazon Linux 2 Security Advisory: ALASRUBY3.0-2024-008
Advisory Release Date: 2024-06-19 20:39 Pacific
Advisory Updated Date: 2024-06-24 11:30 Pacific
Severity:
Medium
Issue Overview:
ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)
Affected Packages:
ruby
Note:
This advisory is applicable to Amazon Linux 2 - Ruby3.0 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ruby to update your system.
New Packages:
aarch64:
ruby-3.0.6-156.amzn2.0.2.aarch64
ruby-devel-3.0.6-156.amzn2.0.2.aarch64
ruby-libs-3.0.6-156.amzn2.0.2.aarch64
rubygem-bigdecimal-3.0.0-156.amzn2.0.2.aarch64
rubygem-io-console-0.5.7-156.amzn2.0.2.aarch64
rubygem-json-2.5.1-156.amzn2.0.2.aarch64
rubygem-psych-3.3.2-156.amzn2.0.2.aarch64
ruby-debuginfo-3.0.6-156.amzn2.0.2.aarch64
noarch:
rubygems-3.2.33-156.amzn2.0.2.noarch
rubygems-devel-3.2.33-156.amzn2.0.2.noarch
ruby-default-gems-3.0.6-156.amzn2.0.2.noarch
rubygem-irb-1.3.5-156.amzn2.0.2.noarch
rubygem-rdoc-6.3.3-156.amzn2.0.2.noarch
ruby-doc-3.0.6-156.amzn2.0.2.noarch
rubygem-bundler-2.2.33-156.amzn2.0.2.noarch
rubygem-minitest-5.14.2-156.amzn2.0.2.noarch
rubygem-power_assert-1.2.0-156.amzn2.0.2.noarch
rubygem-rake-13.0.3-156.amzn2.0.2.noarch
rubygem-rbs-1.4.0-156.amzn2.0.2.noarch
rubygem-test-unit-3.3.7-156.amzn2.0.2.noarch
rubygem-rexml-3.2.5-156.amzn2.0.2.noarch
rubygem-rss-0.2.9-156.amzn2.0.2.noarch
rubygem-typeprof-0.15.2-156.amzn2.0.2.noarch
src:
ruby-3.0.6-156.amzn2.0.2.src
x86_64:
ruby-3.0.6-156.amzn2.0.2.x86_64
ruby-devel-3.0.6-156.amzn2.0.2.x86_64
ruby-libs-3.0.6-156.amzn2.0.2.x86_64
rubygem-bigdecimal-3.0.0-156.amzn2.0.2.x86_64
rubygem-io-console-0.5.7-156.amzn2.0.2.x86_64
rubygem-json-2.5.1-156.amzn2.0.2.x86_64
rubygem-psych-3.3.2-156.amzn2.0.2.x86_64
ruby-debuginfo-3.0.6-156.amzn2.0.2.x86_64