Closed chaitrahegde115 closed 1 week ago
It seems that it is a library-side CVE, not a Ruby gem one.
https://security-tracker.debian.org/tracker/CVE-2023-0464
https://security-tracker.debian.org/tracker/CVE-2023-4807
https://security-tracker.debian.org/tracker/CVE-2023-5363
At least for Debian, it seems that these CVEs were already fixed, so if you update to the latest one, it is not affected.
For RHEL or other distributions, it needs to be checked.
https://access.redhat.com/errata/RHSA-2023:3722 (CVE-2023-0464)
https://access.redhat.com/errata/RHSA-2024:0310 (CVE-2023-5363)
CVE-2023-4807 may be Windows-specific, and it says:
> However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
ref. https://security-tracker.debian.org/tracker/CVE-2023-4807
The system's library needs to be updated, so there is no need to take action. I'll close it.
Hi, the CVEs below are reported in the 5.0.2 fluent-package-builder openssl gem (/opt/fluent/lib/ruby/gems/3.2.0/specifications/default/openssl-3.1.0.gemspec): CVE-2023-0464, CVE-2023-4807, CVE-2023-5363. Let me know if these CVEs have any impact on the openssl Ruby gem.
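The reply above separates the Ruby binding (the openssl gem named in the gemspec) from the OpenSSL library it links to. The following Ruby script is an added example, not code from this thread or from the fluent-package project; it reports both versions side by side, and its helper names and the sample banner string in its comment are constructed for illustration.

```ruby
require "openssl"

# Parse a library banner such as "OpenSSL 3.0.11 19 Sep 2023"
# (constructed sample) into implementation name and version.
def parse_library_version(banner)
  m = banner.match(/\A(OpenSSL|LibreSSL)\s+(\d+\.\d+\.\d+[a-z]*)/)
  return nil unless m
  { implementation: m[1], version: m[2] }
end

# Version of the Ruby binding encoded in a gemspec file name.
# This is the gem's version, not the version of the C library.
def gem_version_from_gemspec(path)
  File.basename(path, ".gemspec")[/\Aopenssl-(\d+(?:\.\d+)+)\z/, 1]
end

# Collect what a scanner finding on the gemspec should be compared against.
def openssl_inventory(gemspec_path)
  built  = parse_library_version(OpenSSL::OPENSSL_VERSION)         # compile time
  loaded = parse_library_version(OpenSSL::OPENSSL_LIBRARY_VERSION) # run time
  {
    gemspec_gem_version: gem_version_from_gemspec(gemspec_path),
    loaded_gem_version: OpenSSL::VERSION,
    library_built_against: built,
    library_loaded: loaded,
    # true when the system library was replaced after Ruby was built
    library_changed_since_build: built != loaded
  }
end

if __FILE__ == $PROGRAM_NAME
  # Path taken from the issue report above.
  path = "/opt/fluent/lib/ruby/gems/3.2.0/specifications/default/openssl-3.1.0.gemspec"
  openssl_inventory(path).each { |key, value| puts "#{key}: #{value.inspect}" }
end
```

Run it with the Ruby interpreter shipped in the package so that it loads the same library the service uses. On distributions that backport fixes, the upstream version string alone does not show whether a CVE is patched, so the distribution's tracker or errata remains the reference.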