
Debian GNU/Linux has received two security updates: DSA 5850-1, a Git security update for Debian 12 (bookworm), and ELA-1305-1, a Ruby 2.5 security update for Debian 10 (buster) ELTS.

[DSA 5850-1] git security update
ELA-1305-1 ruby2.5 security update




[SECURITY] [DSA 5850-1] git security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5850-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 26, 2025                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : git
CVE ID : CVE-2024-50349 CVE-2024-52006
Debian Bug : 1093042

Multiple issues were found in Git, a fast, scalable, distributed
revision control system, which may result in leaking credential
information to an unintended host.

For the stable distribution (bookworm), these problems have been fixed in
version 1:2.39.5-0+deb12u2.

We recommend that you upgrade your git packages.

For the detailed security status of git please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/git

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1305-1 ruby2.5 security update


Package : ruby2.5
Version : 2.5.5-3+deb10u8 (buster)

Related CVEs :
CVE-2024-35176
CVE-2024-39908
CVE-2024-41123
CVE-2024-41946
CVE-2024-43398
CVE-2024-49761

Multiple vulnerabilities were found in ruby, a popular programming
language.

CVE-2024-35176
The REXML gem has a Denial of Service (DoS) vulnerability
when it parses an XML document that contains many ] and ]> sequences.
If you need to parse untrusted XML, you may be affected
by this vulnerability.

CVE-2024-41946
The REXML gem has a Denial of Service (DoS) vulnerability
when it parses an XML document that contains many entity expansions
with the SAX2 or pull parser API.

CVE-2024-43398
REXML is an XML toolkit for Ruby.
The REXML gem before 3.3.6 has a Denial of Service (DoS)
vulnerability when it parses an XML document that contains many deeply
nested elements that have the same local-name attributes.
If you need to parse untrusted XML with a tree parser
API such as REXML::Document.new, you may be affected
by this vulnerability. If you use other parser APIs,
such as the stream parser API or the SAX2 parser API,
you are not affected.

CVE-2024-49761
REXML is an XML toolkit for Ruby.
The REXML gem before 3.3.9 has a ReDoS vulnerability
when it parses an XML document that has many digits between
&# and x...; in a hex numeric character reference (&#x...;).
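Before untrusted input ever reaches REXML::Document.new, a defender can bound the input shapes the four REXML advisories above describe (bracket runs, entity references, nesting depth, numeric character reference length). The following is an added example in Ruby, not Debian's or REXML's own code: the module name XmlTriage, its thresholds and its regex heuristics are assumptions, and upgrading ruby2.5 to 2.5.5-3+deb10u8 remains the actual fix.

```ruby
# Added example (not Debian's or REXML's code): pre-parse triage that rejects
# untrusted XML shaped like the four REXML CVEs above before it reaches
# REXML::Document.new. The regexes are a heuristic scanner, not an XML parser,
# and every threshold in LIMITS is an assumption to tune per application.
module XmlTriage
  LIMITS = {
    max_bytes: 1_000_000,   # total input size
    max_depth: 100,         # element nesting (CVE-2024-43398 pattern)
    max_entity_refs: 1_000, # &name; references (CVE-2024-41946 pattern)
    max_brackets: 1_000,    # ']' characters (CVE-2024-35176 pattern)
    max_charref_len: 8,     # characters after &# in a numeric reference (CVE-2024-49761 pattern)
  }.freeze
  # Returns reasons to reject the input; an empty array means it passed.
  def self.problems(xml, limits = LIMITS)
    reasons = []
    size = xml.bytesize
    reasons << "input is #{size} bytes (limit #{limits[:max_bytes]})" if size > limits[:max_bytes]

    # Nesting is tracked from start, end and self-closing element tags only;
    # declarations (<!...>) and processing instructions (<?...?>) are skipped.
    depth = deepest = 0
    xml.scan(%r{<(/?)[A-Za-z_][\w.:-]*[^>]*?(/?)>}) do |close, selfclose|
      if close == "/"
        depth -= 1
      elsif selfclose != "/"
        depth += 1
        deepest = depth if depth > deepest
      end
    end
    reasons << "nesting depth #{deepest} (limit #{limits[:max_depth]})" if deepest > limits[:max_depth]

    # Named entity references only; numeric references (&#...) are handled below.
    refs = xml.scan(/&[A-Za-z_][\w.-]*;/).size
    reasons << "#{refs} entity references (limit #{limits[:max_entity_refs]})" if refs > limits[:max_entity_refs]

    brackets = xml.count("]")
    reasons << "#{brackets} ']' characters (limit #{limits[:max_brackets]})" if brackets > limits[:max_brackets]

    # Longest alphanumeric run after "&#": a valid code point needs at most
    # 7 characters (x10FFFF), so long runs such as &#000...x41; are rejected.
    longest = xml.scan(/&#([0-9A-Za-z]+)/).flatten.map(&:size).max || 0
    reasons << "numeric character reference body of #{longest} chars (limit #{limits[:max_charref_len]})" if longest > limits[:max_charref_len]
    reasons
  end

  # Gate for the common case: parse with REXML only when triage is clean.
  def self.safe_to_parse?(xml, limits = LIMITS)
    problems(xml, limits).empty?
  end
end
```

Log the returned reasons for rejected inputs so that they surface in monitoring rather than disappearing as silent parse failures.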