ruby-2.0.0.648-39.0.4.el7.AXS7
Errata ID: AXSA:2025-10964:04
Release date:
2025/10/16 Thursday - 11:23
Title:
ruby-2.0.0.648-39.0.4.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- Ruby has a type confusion issue that allows a local attacker to
execute arbitrary code. (CVE-2016-2337)
- Oniguruma, as used in Ruby and PHP, has an out-of-bounds memory
read issue that allows a remote attacker to cause information
disclosure and a denial of service. (CVE-2017-9224)
- Oniguruma, as used in Ruby and PHP, has an out-of-bounds memory
read issue that allows a remote attacker to cause a denial of
service. (CVE-2017-9227)
- Oniguruma, as used by PHP, has a heap-based buffer overflow issue
that allows a remote attacker to cause memory corruption.
(CVE-2017-9228)
Solution:
Update the packages.
CVE:
CVE-2016-2337
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
Additional information:
N/A
Downloads:
SRPMS
- ruby-2.0.0.648-39.0.4.el7.AXS7.src.rpm not found
Asianux Server 7 for x86_64
- ruby-2.0.0.648-39.0.4.el7.AXS7.x86_64.rpm
MD5: 1ad3f2a28e0c64f9eb6d5e559f160920
SHA-256: c8a581cdefc5ba14026d3c4b91191e3f58f53f2dbecbdb637d2badd93e1facef
Size: 74.82 kB
- rubygem-bigdecimal-1.2.0-39.0.4.el7.AXS7.x86_64.rpm
MD5: f899aeb9b3af1cbb7f57e5599c6cc6ea
SHA-256: 908c086b9f92633712c2e81ee6d79c4cc4b64823f32022b6663184888f0272c0
Size: 86.73 kB
- rubygem-io-console-0.4.2-39.0.4.el7.AXS7.x86_64.rpm
MD5: bbce6cad7bbd88ad19f0e70838129b40
SHA-256: 3ab9f26b1736fc1fabd184be9a4159cfa4945d8008d11105a79fc965b8779399
Size: 57.78 kB
- rubygem-json-1.7.7-39.0.4.el7.AXS7.x86_64.rpm
MD5: 69d558e56b6d35115278f93b3dfbea7c
SHA-256: a88fb436426948640f1ebd6a4e6d24b6e584f53877018f849d9bed3c38877e79
Size: 83.32 kB
- rubygem-psych-2.0.0-39.0.4.el7.AXS7.x86_64.rpm
MD5: 9de97f4b05c6012fd5999d72834117c7
SHA-256: e8b183f7e435b43a69ec396adba8eb6bdcfa7a63424b3365c51d94038a30175e
Size: 86.28 kB
- rubygem-rdoc-4.0.0-39.0.4.el7.AXS7.noarch.rpm
MD5: 26f12bc4567dc3d81d4b080fa29bcf49
SHA-256: 8ba633caeea1a3d1437d8e040966aa6042c54aed42cef3402629b176dacb1de6
Size: 325.61 kB
- rubygems-2.0.14.1-39.0.4.el7.AXS7.noarch.rpm
MD5: ef757c5d8a1111ae61a64d80771a6eb8
SHA-256: 5353d1ca8553eb297df79140e07f92b701766fa9cba4984bc830110be3b3d0b6
Size: 217.23 kB
- ruby-irb-2.0.0.648-39.0.4.el7.AXS7.noarch.rpm
MD5: 18c57c95be7fa3d4ee7abb6a43d991b9
SHA-256: 5b3844e55ad7541b43aa8cd264992a90ab5eea3698387af7966f67dd20c164ed
Size: 95.87 kB
- ruby-libs-2.0.0.648-39.0.4.el7.AXS7.i686.rpm
MD5: 172b16a033193108dbcf7cacb1ec7872
SHA-256: a8f580bd853575de13363f41521c0151c6872cf2ef3afa96e72daa5ccc229c2c
Size: 2.84 MB
- ruby-libs-2.0.0.648-39.0.4.el7.AXS7.x86_64.rpm
MD5: b07083efa6af7b40dc8b0f9bd672e181
SHA-256: 66701eadd467d556d1e21a181077274ec458c403a0994ec89053db74926d7e28
Size: 2.80 MB