Amazon Linux 2023 Security Advisory: ALAS-2024-743
Advisory Release Date: 2024-10-24 22:53 Pacific
Advisory Updated Date: 2024-10-31 16:00 Pacific
Severity: Important

Issue Overview:

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production." (CVE-2024-47220)
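The smuggling condition described above depends on a request carrying both framing headers, so a front end or log pipeline can flag it before the request reaches a WEBrick backend. The Ruby code below is an added example, not part of the advisory or of WEBrick; framing_problems and the sample requests are hypothetical names and constructed inputs.

```ruby
# Added example: flag HTTP/1.1 request heads whose body framing is ambiguous.
# framing_problems is a hypothetical helper, not a WEBrick API.

# Returns an array of problem strings; an empty array means no issue was found.
def framing_problems(raw_request)
  head = raw_request.split("\r\n\r\n", 2).first.to_s
  lines = head.split("\r\n")
  lines.shift # drop the request line
  headers = Hash.new { |h, k| h[k] = [] }
  problems = []

  lines.each do |line|
    name, value = line.split(":", 2)
    next if value.nil?
    # Whitespace around a field name is a common way to hide a framing header
    # from one parser while another still honours it.
    problems << "whitespace around field name #{name.strip}" if name != name.strip
    headers[name.strip.downcase] << value.strip
  end

  cl = headers["content-length"]
  te = headers["transfer-encoding"]
  problems << "both Content-Length and Transfer-Encoding present" if cl.any? && te.any?
  problems << "conflicting Content-Length values" if cl.uniq.size > 1
  problems << "non-numeric Content-Length" if cl.any? { |v| v !~ /\A\d+\z/ }
  if te.any?
    codings = te.join(",").split(",").map { |c| c.strip.downcase }
    problems << "final transfer coding is not chunked" unless codings.last == "chunked"
  end
  problems
end

# Constructed sample inputs (not captured traffic).
AMBIGUOUS = "POST /user HTTP/1.1\r\nHost: example.test\r\n" \
            "Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
CLEAN = "POST /user HTTP/1.1\r\nHost: example.test\r\n" \
        "Content-Length: 4\r\n\r\nabcd"
DUPLICATE_CL = "POST /user HTTP/1.1\r\nHost: example.test\r\n" \
               "Content-Length: 4\r\nContent-Length: 7\r\n\r\n"

if __FILE__ == $PROGRAM_NAME
  { "ambiguous" => AMBIGUOUS, "clean" => CLEAN, "duplicate" => DUPLICATE_CL }.each do |label, req|
    found = framing_problems(req)
    puts "#{label}: #{found.empty? ? 'ok' : found.join('; ')}"
  end
end
```

A request that returns any problem should be rejected or logged at the front end rather than forwarded.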


Affected Packages:

ruby3.2


Issue Correction:
Run dnf update ruby3.2 --releasever 2023.6.20241028 to update your system.

New Packages:
aarch64:
    ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-180.amzn2023.0.4.aarch64
    ruby3.2-debugsource-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-io-console-debuginfo-0.6.0-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-json-2.6.3-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-bigdecimal-3.1.3-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-rbs-debuginfo-2.8.2-180.amzn2023.0.4.aarch64
    ruby3.2-bundled-gems-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-libs-debuginfo-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-psych-debuginfo-5.0.1-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-io-console-0.6.0-180.amzn2023.0.4.aarch64
    ruby3.2-debuginfo-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-rbs-2.8.2-180.amzn2023.0.4.aarch64
    ruby3.2-libs-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-devel-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-bundled-gems-debuginfo-3.2.2-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-psych-5.0.1-180.amzn2023.0.4.aarch64
    ruby3.2-rubygem-json-debuginfo-2.6.3-180.amzn2023.0.4.aarch64

noarch:
    ruby3.2-rubygem-power_assert-2.0.3-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-typeprof-0.21.3-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-minitest-5.16.3-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-bundler-2.4.10-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-rdoc-6.5.0-180.amzn2023.0.4.noarch
    ruby3.2-rubygems-devel-3.4.10-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-rexml-3.2.5-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-irb-1.6.2-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-rake-13.0.6-180.amzn2023.0.4.noarch
    ruby3.2-default-gems-3.2.2-180.amzn2023.0.4.noarch
    ruby3.2-rubygems-3.4.10-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-test-unit-3.5.7-180.amzn2023.0.4.noarch
    ruby3.2-rubygem-rss-0.2.9-180.amzn2023.0.4.noarch
    ruby3.2-doc-3.2.2-180.amzn2023.0.4.noarch

src:
    ruby3.2-3.2.2-180.amzn2023.0.4.src

x86_64:
    ruby3.2-debuginfo-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-debugsource-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-bundled-gems-debuginfo-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-libs-debuginfo-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-rbs-debuginfo-2.8.2-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-bigdecimal-3.1.3-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-json-debuginfo-2.6.3-180.amzn2023.0.4.x86_64
    ruby3.2-devel-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-io-console-debuginfo-0.6.0-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-psych-debuginfo-5.0.1-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-io-console-0.6.0-180.amzn2023.0.4.x86_64
    ruby3.2-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-bundled-gems-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-psych-5.0.1-180.amzn2023.0.4.x86_64
    ruby3.2-libs-3.2.2-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-rbs-2.8.2-180.amzn2023.0.4.x86_64
    ruby3.2-rubygem-json-2.6.3-180.amzn2023.0.4.x86_64