Security update for rubygem-rexml
rubygem-rexml was updated to 3.3.9:
- fixes CVE-2024-49761, CVE-2024-43398, CVE-2024-41946, CVE-2024-41123, CVE-2024-39908, CVE-2024-35176
- bsc#1232440, bsc#1229673, bsc#1228799, bsc#1228794, bsc#1228072, bsc#1224390
Submitted by Steven Baker (srbaker)
Fixed bugs
- bnc#1224390: VUL-0: CVE-2024-35176: ruby3.2, rubygem-rexml: denial of service when parsing an XML that has many left angled brackets in an attribute value
- bnc#1228072: VUL-0: CVE-2024-39908: ruby3.2, rubygem-rexml: ReDoS when parsing an XML that has many specific characters
- bnc#1228794: VUL-0: CVE-2024-41123: ruby3.2, rubygem-rexml: denial of service when parsing an XML that contains many specific characters such as whitespaces, >] and ]>
- bnc#1228799: VUL-0: CVE-2024-41946: ruby3.2, rubygem-rexml: denial of service when parsing an XML that has many entity expansions with SAX2 or pull parser API
- bnc#1229673: VUL-0: CVE-2024-43398: ruby3.2, rubygem-rexml: denial of service when parsing an XML that has many deep elements with the same local name attributes
- bnc#1232440: VUL-0: CVE-2024-49761: rubygem-rexml: ReDoS vulnerability