[CLSA-2026:1781000421] Fix CVE(s): CVE-2026-27820
Type:
security
Severity:
Critical
Release date:
2026-06-09 10:20:38 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in bundled zlib via Zlib::GzipReader#ungetc
  - debian/patches/CVE-2026-27820.patch: make the output-buffer expansion in zstream_buffer_ungets() unconditional via zstream_expand_buffer_into(z, len) instead of only growing when the buffer was already full. An ungetc payload larger than the remaining capacity previously made the memmove() calls write past the allocation, corrupting the heap. Adapted byte-identically from upstream ruby/zlib@608d2be6; the regression test test_ungetc_buffer_underflow is added to test/zlib/test_zlib.rb.
  - CVE-2026-27820
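A simplified model of the capacity logic described above, added here as an illustration; it is not the code from the patch or from ruby/zlib. The `struct outbuf` type and both function names are hypothetical, and the pre-fix function only reports whether the write would exceed the allocation, without performing it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of an output buffer; not Ruby's struct zstream. */
struct outbuf {
    unsigned char *data;
    size_t filled;   /* bytes currently held */
    size_t cap;      /* bytes allocated */
};

/* Pre-fix growth decision as the advisory describes it: grow only when the
 * buffer is already full. Returns 1 if the following memmove() pair would
 * write past the allocation, 0 otherwise. Performs no write. */
int old_check_overflows(const struct outbuf *b, size_t len)
{
    int grows = (b->data == NULL || b->cap <= b->filled);
    if (grows)
        return 0;                     /* buffer is expanded by len first */
    return len > b->cap - b->filled;  /* not full, yet too small for len */
}

/* Post-fix behaviour: always make room for len bytes before prepending.
 * Returns 0 on success, -1 on size overflow or allocation failure. */
int unget_fixed(struct outbuf *b, const unsigned char *src, size_t len)
{
    if (len == 0)
        return 0;
    if (len > SIZE_MAX - b->filled)
        return -1;
    size_t need = b->filled + len;
    if (need > b->cap) {
        unsigned char *p = realloc(b->data, need);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = need;
    }
    memmove(b->data + len, b->data, b->filled);  /* shift existing bytes up */
    memcpy(b->data, src, len);                   /* pushed-back bytes first */
    b->filled = need;
    return 0;
}
```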
CVEs fixed:
Updated packages:
  • alt-ruby27_2.7.8-5_amd64.deb
    sha:565fc0113a113bd0e35e3c5c94f194a55308dc7c
  • alt-ruby27-default-gems_2.7.8-5_amd64.deb
    sha:ae01d77993c4685443d1bc4cd53d03c0ca526361
  • alt-ruby27-devel_2.7.8-5_amd64.deb
    sha:b9cf415b93a705fae89961c71ab53a75fca2a90a
  • alt-ruby27-doc_2.7.8-5_amd64.deb
    sha:017a5a63ad9f1e55b042e782ab4d46c626bc08b7
  • alt-ruby27-libs_2.7.8-5_amd64.deb
    sha:33163dbc79bba0be65c5c9aaa6e62114a9065e91
  • alt-ruby27-rubygem-bigdecimal_2.0.0-5_amd64.deb
    sha:9a766cd250edd04224e16303914e5098682ba0e7
  • alt-ruby27-rubygem-bundler_2.2.24-5_amd64.deb
    sha:42837b76ce878d5a04ada6a3cedc581d269cedac
  • alt-ruby27-rubygem-io-console_0.5.6-5_amd64.deb
    sha:fc47f6c49803084083f0a80ab77a0512babadf8e
  • alt-ruby27-rubygem-irb_1.2.6-5_amd64.deb
    sha:f6e9deddc4b7d9197cf7b07affca41c93145ddd3
  • alt-ruby27-rubygem-json_2.3.0-5_amd64.deb
    sha:927252a60a343a2362e3d4392820e1e33cfaba92
  • alt-ruby27-rubygem-minitest_5.13.0-5_amd64.deb
    sha:69151e74397654862b84fe65457e2902c7d1ea60
  • alt-ruby27-rubygem-net-telnet_0.2.0-5_amd64.deb
    sha:dffe40b17b47ff883e419386d6b034600c2e6db9
  • alt-ruby27-rubygem-power-assert_1.1.7-5_amd64.deb
    sha:7548ccb691e074a112870b74d249558c6df60ce1
  • alt-ruby27-rubygem-psych_3.1.0-5_amd64.deb
    sha:f776ac2fd52c454d35701f7e1abeb2d942fc4082
  • alt-ruby27-rubygem-rake_13.0.1-5_amd64.deb
    sha:125ff6f5d7779140c48b5986b8266c34c20f39f0
  • alt-ruby27-rubygem-rdoc_6.2.1.1-5_amd64.deb
    sha:adf32b4adb9f24968bdd24009d4711f139d2bf67
  • alt-ruby27-rubygem-test-unit_3.3.4-5_amd64.deb
    sha:4b52062da22d32a44851e41e2f6b77d4e16f154b
  • alt-ruby27-rubygem-typeprof_2.7.8-5_amd64.deb
    sha:c280204583dcfea91b8ccb29e02491e43c0ebdc4
  • alt-ruby27-rubygem-xmlrpc_0.3.0-5_amd64.deb
    sha:b0c95f6c5acedc4fd250b2ebb1c1b5a995f8a6ab
  • alt-ruby27-rubygems_3.1.6-5_amd64.deb
    sha:2885b16f206978467e661e673f793f67678de7a9
  • alt-ruby27-rubygems-devel_3.1.6-5_amd64.deb
    sha:a1826ddcc483f275af25e30beca06774a1bcca95
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.