[CLSA-2026:1781179481] Fix CVE(s): CVE-2026-27820

Type:

security

Severity:

Critical

Release date:

2026-06-11 16:03:07 UTC

Description:

   * SECURITY UPDATE: Heap buffer overflow in the bundled zlib extension via
     Zlib::GzipReader#ungetc
     - debian/patches/CVE-2026-27820.patch: in zstream_buffer_ungets()
       (ext/zlib/zlib.c) the output buffer was expanded only when it was
       already full (rb_str_capacity(z->buf) <= ZSTREAM_BUF_FILLED(z)), so a
       large ungetc payload memmove()'d and wrote past the allocation. Make
       the expansion unconditional via zstream_expand_buffer_into(z, len),
       which guarantees capacity for filled + len before the memmove. Also
       backports the upstream regression test test_ungetc_buffer_underflow.
     - CVE-2026-27820

CVEs fixed:

CVE-2026-27820

Updated packages:

alt-ruby30_3.0.7-173_amd64.deb
sha:440057ca72e5228f1b2a44f51c0bc26e4803d000
alt-ruby30-default-gems_3.0.7-173_amd64.deb
sha:78396167f643f49b6051e5db8ce36833410b5bb3
alt-ruby30-devel_3.0.7-173_amd64.deb
sha:35922a44735e5d065a811d40e81f4a581edaac6e
alt-ruby30-doc_3.0.7-173_amd64.deb
sha:fc3d713fb6754e863558f5bc0f823ce4bb0e6935
alt-ruby30-libs_3.0.7-173_amd64.deb
sha:38671c6f3f9df9ec5683ff9959fed1d16ca4be88
alt-ruby30-rubygem-bigdecimal_3.0.0-173_amd64.deb
sha:896e49d6377fea2a54438a77bc4956daf524dd87
alt-ruby30-rubygem-bundler_2.2.33-173_amd64.deb
sha:c58dcf41bdf26baf907bf645221e42ca9c03fb9a
alt-ruby30-rubygem-io-console_0.5.7-173_amd64.deb
sha:3601e2dddef10e8d7eb4ca0ff5f68574089203d2
alt-ruby30-rubygem-irb_1.3.5-173_amd64.deb
sha:f33303ff0432a8d45cb3dbd72ae4d2eeebb06a13
alt-ruby30-rubygem-json_2.5.1-173_amd64.deb
sha:743eb07ccf87395600df2767170f64e1a1d23184
alt-ruby30-rubygem-minitest_5.14.2-173_amd64.deb
sha:2f125bc0e1dcfab48a24f9d26b4ac6a2cf7accdb
alt-ruby30-rubygem-power-assert_1.2.1-173_amd64.deb
sha:49318402d68c9ea43354f962c6946171d28d54c2
alt-ruby30-rubygem-psych_3.3.2-173_amd64.deb
sha:beafd6874618220c785799e2625900f99bc26010
alt-ruby30-rubygem-rake_13.0.3-173_amd64.deb
sha:6a8caeed7e1dfb68582c86200d388d00089fef42
alt-ruby30-rubygem-rbs_1.4.0-173_amd64.deb
sha:874030a372ee70e1f8934450813301a2d89d0ad8
alt-ruby30-rubygem-rdoc_6.3.4.1-173_amd64.deb
sha:eefa358be2077764f9c8aaca3d5fdfa8955b675f
alt-ruby30-rubygem-rexml_3.2.5-173_amd64.deb
sha:219a2f5bea0c536d8efbb20ef522e36c7d6b012f
alt-ruby30-rubygem-rss_0.2.9-173_amd64.deb
sha:24ded8270bb1893f14bdfcd15b89bae0669bd8e0
alt-ruby30-rubygem-test-unit_3.3.7-173_amd64.deb
sha:ecfc32b53569c24f17a47bbcbe666aa218005441
alt-ruby30-rubygem-typeprof_0.15.2-173_amd64.deb
sha:41e1f18ec40d148ca65ebed4b2898d772bd0d077
alt-ruby30-rubygems_3.2.33-173_amd64.deb
sha:e07d282db3e416f3c210c41faedd954887bbe5dd
alt-ruby30-rubygems-devel_3.2.33-173_amd64.deb
sha:98bbe69bdabfaf0fa95c13a4b998436722e1beaa

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.