Copy from origin news at 2024-04-23

Author: riseshia

ko/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md

@@ -0,0 +1,42 @@
+---
+layout: news_post
+title: "CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search"
+author: "hsbt"
+translator:
+date: 2024-04-23 10:00:00 +0000
+tags: security
+lang: en
+---
+
+We have released the Ruby version 3.0.7, 3.1.5, 3.2.4 and 3.3.1 that have a security fix for an arbitrary memory address read vulnerability in Regex search.
+This vulnerability has been assigned the CVE identifier [CVE-2024-27282](https://www.cve.org/CVERecord?id=CVE-2024-27282).
+
+## Details
+
+An issue was discovered in Ruby 3.x through 3.3.0.
+
+If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.
+
+## Recommended action
+
+We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby series, you may update as follows instead:
+
+* For Ruby 3.0 users: Update to 3.0.7
+* For Ruby 3.1 users: Update to 3.1.5
+* For Ruby 3.2 users: Update to 3.2.4
+* For Ruby 3.3 users: Update to 3.3.1
+
+## Affected versions
+
+* Ruby 3.0.6 or lower
+* Ruby 3.1.4 or lower
+* Ruby 3.2.3 or lower
+* Ruby 3.3.0
+
+## Credits
+
+Thanks to [sp2ip](https://hackerone.com/sp2ip?type=user) for discovering this issue.
+
+## History
+
+* Originally published at 2024-04-23 10:00:00 (UTC)

ko/news/_posts/2024-04-23-ruby-3-0-7-released.md

@@ -0,0 +1,53 @@
+---
+layout: news_post
+title: "Ruby 3.0.7 Released"
+author: "hsbt"
+translator:
+date: 2024-04-23 10:00:00 +0000
+lang: en
+---
+
+Ruby 3.0.7 has been released.
+
+This release includes security fixes.
+Please check the topics below for details.
+
+* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link en/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
+* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc](https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/)
+* [CVE-2024-27280: Buffer overread vulnerability in StringIO](https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/)
+
+See the [GitHub releases](https://github.com/ruby/ruby/releases/tag/v3_0_7) for further details.
+
+After this release, Ruby 3.0 reaches EOL. In other words, this is expected to be the last release of Ruby 3.0 series.
+We will not release Ruby 3.0.8 even if a security vulnerability is found (but could release if a severe regression is found).
+We recommend all Ruby 3.0 users to start migration to Ruby 3.3, 3.2, or 3.1 immediately.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.0.7" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.

ko/news/_posts/2024-04-23-ruby-3-1-5-released.md

@@ -0,0 +1,49 @@
+---
+layout: news_post
+title: "Ruby 3.1.5 Released"
+author: "hsbt"
+translator:
+date: 2024-04-23 10:00:00 +0000
+lang: en
+---
+
+Ruby 3.1.5 has been released.
+
+This release includes security fixes.
+Please check the topics below for details.
+
+* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link en/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
+* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc](https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/)
+* [CVE-2024-27280: Buffer overread vulnerability in StringIO](https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/)
+
+See the [GitHub releases](https://github.com/ruby/ruby/releases/tag/v3_1_5) for further details.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.1.5" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.

ko/news/_posts/2024-04-23-ruby-3-2-4-released.md

@@ -0,0 +1,49 @@
+---
+layout: news_post
+title: "Ruby 3.2.4 Released"
+author: "nagachika"
+translator:
+date: 2024-04-23 10:00:00 +0000
+lang: en
+---
+
+Ruby 3.2.4 has been released.
+
+This release includes security fixes.
+Please check the topics below for details.
+
+* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link en/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
+* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc](https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/)
+* [CVE-2024-27280: Buffer overread vulnerability in StringIO](https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/)
+
+See the [GitHub releases](https://github.com/ruby/ruby/releases/tag/v3_2_4) for further details.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.2.4" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.

ko/news/_posts/2024-04-23-ruby-3-3-1-released.md

@@ -0,0 +1,49 @@
+---
+layout: news_post
+title: "Ruby 3.3.1 Released"
+author: "naruse"
+translator:
+date: 2024-04-23 10:00:00 +0000
+lang: en
+---
+
+Ruby 3.3.1 has been released.
+
+This release includes security fixes.
+Please check the topics below for details.
+
+* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link en/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
+* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc](https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/)
+* [CVE-2024-27280: Buffer overread vulnerability in StringIO](https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/)
+
+See the [GitHub releases](https://github.com/ruby/ruby/releases/tag/v3_3_1) for further details.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.3.1" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.