ruby-2.0.0.648-39.0.4.el7.AXS7
Errata ID: AXSA:2025-10964:04
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straightforward, and extensible.
Security Fix(es):
* CVE-2016-2337: Fix type confusion in the _cancel_eval method of Ruby's
TclTkIp class to prevent arbitrary code execution
* CVE-2017-9224: Fix stack out-of-bounds read in match_at() during regular
expression searching
* CVE-2017-9227: Fix stack out-of-bounds read in mbc_enc_len() and invalid
pointer dereference in forward_search_range()
* CVE-2017-9228: Fix heap out-of-bounds write in bitset_set_range() and
parse_char_class() by initializing critical local variable
CVE(s):
CVE-2017-9227
CVE-2017-9228
CVE-2016-2337
CVE-2017-9224
Update packages.
CVE-2016-2337: A type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker who passes an object of a type other than String as the "retval" argument can cause arbitrary code execution.
CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
CVE-2017-9228: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it is used as an index, resulting in out-of-bounds write memory corruption.
SRPMS
- ruby-2.0.0.648-39.0.4.el7.AXS7.src.rpm not found
Asianux Server 7 for x86_64
- ruby-2.0.0.648-39.0.4.el7.AXS7.x86_64.rpm
MD5: 1ad3f2a28e0c64f9eb6d5e559f160920
SHA-256: c8a581cdefc5ba14026d3c4b91191e3f58f53f2dbecbdb637d2badd93e1facef
Size: 74.82 kB
- rubygem-bigdecimal-1.2.0-39.0.4.el7.AXS7.x86_64.rpm
MD5: f899aeb9b3af1cbb7f57e5599c6cc6ea
SHA-256: 908c086b9f92633712c2e81ee6d79c4cc4b64823f32022b6663184888f0272c0
Size: 86.73 kB
- rubygem-io-console-0.4.2-39.0.4.el7.AXS7.x86_64.rpm
MD5: bbce6cad7bbd88ad19f0e70838129b40
SHA-256: 3ab9f26b1736fc1fabd184be9a4159cfa4945d8008d11105a79fc965b8779399
Size: 57.78 kB
- rubygem-json-1.7.7-39.0.4.el7.AXS7.x86_64.rpm
MD5: 69d558e56b6d35115278f93b3dfbea7c
SHA-256: a88fb436426948640f1ebd6a4e6d24b6e584f53877018f849d9bed3c38877e79
Size: 83.32 kB
- rubygem-psych-2.0.0-39.0.4.el7.AXS7.x86_64.rpm
MD5: 9de97f4b05c6012fd5999d72834117c7
SHA-256: e8b183f7e435b43a69ec396adba8eb6bdcfa7a63424b3365c51d94038a30175e
Size: 86.28 kB
- rubygem-rdoc-4.0.0-39.0.4.el7.AXS7.noarch.rpm
MD5: 26f12bc4567dc3d81d4b080fa29bcf49
SHA-256: 8ba633caeea1a3d1437d8e040966aa6042c54aed42cef3402629b176dacb1de6
Size: 325.61 kB
- rubygems-2.0.14.1-39.0.4.el7.AXS7.noarch.rpm
MD5: ef757c5d8a1111ae61a64d80771a6eb8
SHA-256: 5353d1ca8553eb297df79140e07f92b701766fa9cba4984bc830110be3b3d0b6
Size: 217.23 kB
- ruby-irb-2.0.0.648-39.0.4.el7.AXS7.noarch.rpm
MD5: 18c57c95be7fa3d4ee7abb6a43d991b9
SHA-256: 5b3844e55ad7541b43aa8cd264992a90ab5eea3698387af7966f67dd20c164ed
Size: 95.87 kB
- ruby-libs-2.0.0.648-39.0.4.el7.AXS7.i686.rpm
MD5: 172b16a033193108dbcf7cacb1ec7872
SHA-256: a8f580bd853575de13363f41521c0151c6872cf2ef3afa96e72daa5ccc229c2c
Size: 2.84 MB
- ruby-libs-2.0.0.648-39.0.4.el7.AXS7.x86_64.rpm
MD5: b07083efa6af7b40dc8b0f9bd672e181
SHA-256: 66701eadd467d556d1e21a181077274ec458c403a0994ec89053db74926d7e28
Size: 2.80 MB