An update for rubygem-actionmailer is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2383 Final 1.0 1.0 2024-11-15 Initial 2024-11-15 2024-11-15 openEuler SA Tool V1.0 2024-11-15 rubygem-actionmailer security update An update for rubygem-actionmailer is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. Security Fix(es): Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.(CVE-2024-47889) An update for rubygem-actionmailer is now available for openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low rubygem-actionmailer https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2383 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47889 https://nvd.nist.gov/vuln/detail/CVE-2024-47889 openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS rubygem-actionmailer-6.1.4.1-2.oe2203sp4.noarch.rpm rubygem-actionmailer-doc-6.1.4.1-2.oe2203sp4.noarch.rpm rubygem-actionmailer-6.1.4.1-2.oe2203sp3.noarch.rpm rubygem-actionmailer-doc-6.1.4.1-2.oe2203sp3.noarch.rpm rubygem-actionmailer-5.2.4.4-2.oe2003sp4.noarch.rpm rubygem-actionmailer-doc-5.2.4.4-2.oe2003sp4.noarch.rpm rubygem-actionmailer-6.1.4.1-2.oe2203sp1.noarch.rpm rubygem-actionmailer-doc-6.1.4.1-2.oe2203sp1.noarch.rpm rubygem-actionmailer-7.0.7-2.oe2403.noarch.rpm rubygem-actionmailer-doc-7.0.7-2.oe2403.noarch.rpm rubygem-actionmailer-6.1.4.1-2.oe2203sp4.src.rpm rubygem-actionmailer-6.1.4.1-2.oe2203sp3.src.rpm rubygem-actionmailer-5.2.4.4-2.oe2003sp4.src.rpm rubygem-actionmailer-6.1.4.1-2.oe2203sp1.src.rpm rubygem-actionmailer-7.0.7-2.oe2403.src.rpm Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected. 2024-11-15 CVE-2024-47889 openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS Low 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L rubygem-actionmailer security update 2024-11-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2383