[CLSA-2026:1781171570] Fix CVE(s): CVE-2026-27820
Type:
security
Severity:
Critical
Release date:
2026-06-11 09:55:37 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in the bundled zlib extension via Zlib::GzipReader#ungetc - debian/patches/CVE-2026-27820.patch: in zstream_buffer_ungets() (ext/zlib/zlib.c) the output buffer was expanded only when it was already full (rb_str_capacity(z->buf) <= ZSTREAM_BUF_FILLED(z)), so a large ungetc payload memmove()'d and wrote past the allocation. Make the expansion unconditional via zstream_expand_buffer_into(z, len), which guarantees capacity for filled + len before the memmove. Also backports the upstream regression test test_ungetc_buffer_underflow. - CVE-2026-27820
CVEs fixed:
Updated packages:
  • alt-ruby30_3.0.7-173_amd64.deb
    sha:0ff632ec6137d9888e73dc1a55412faff94aaa9d
  • alt-ruby30-default-gems_3.0.7-173_amd64.deb
    sha:ccbcf83298c45cd75c25454e3819a03acf01e3e9
  • alt-ruby30-devel_3.0.7-173_amd64.deb
    sha:577d3b82ffe29bc933b42ba600f4c4b687a038d3
  • alt-ruby30-doc_3.0.7-173_amd64.deb
    sha:9a33ca0e82cb8689459ca144e1490ee4b58206c2
  • alt-ruby30-libs_3.0.7-173_amd64.deb
    sha:30597f6f88f84df97bd337defa15630272a1c758
  • alt-ruby30-rubygem-bigdecimal_3.0.0-173_amd64.deb
    sha:4d6bf45a4e829b9e378d26f0ae11ab2a798b8b35
  • alt-ruby30-rubygem-bundler_2.2.33-173_amd64.deb
    sha:706288a6ed694a2d271aaec6e421c48ae108d221
  • alt-ruby30-rubygem-io-console_0.5.7-173_amd64.deb
    sha:6e836498005fd3db6f5124de55c7e9e3d268bc41
  • alt-ruby30-rubygem-irb_1.3.5-173_amd64.deb
    sha:213244109c5cf5d9be84bad07eb209c3bdff9a21
  • alt-ruby30-rubygem-json_2.5.1-173_amd64.deb
    sha:9a508d31e153d6618a5cfed5df01551fc1225429
  • alt-ruby30-rubygem-minitest_5.14.2-173_amd64.deb
    sha:1f370b1e1d917d1077f22f8249e36a24f35ba3c1
  • alt-ruby30-rubygem-power-assert_1.2.1-173_amd64.deb
    sha:137f06d8b30091b880218fdbc2dbf73c6f677ac3
  • alt-ruby30-rubygem-psych_3.3.2-173_amd64.deb
    sha:5f8218e9adf9bac7ea158d93058f52acfd4d973e
  • alt-ruby30-rubygem-rake_13.0.3-173_amd64.deb
    sha:eca29b1933622a58ea4415c7f2e4ea72700667c2
  • alt-ruby30-rubygem-rbs_1.4.0-173_amd64.deb
    sha:acfca0af9592fdd44d90616ef4b31b111ee79ac7
  • alt-ruby30-rubygem-rdoc_6.3.4.1-173_amd64.deb
    sha:4aa249b42e775e7b64b234546496c7c2d247240b
  • alt-ruby30-rubygem-rexml_3.2.5-173_amd64.deb
    sha:4c38232f968e0d4d075955b09d237fd3009e5866
  • alt-ruby30-rubygem-rss_0.2.9-173_amd64.deb
    sha:62f60f8d045e37c6fc24205fef0108b7621d6c19
  • alt-ruby30-rubygem-test-unit_3.3.7-173_amd64.deb
    sha:dca9471f6162b0c862c628cc219cd464d64d82fa
  • alt-ruby30-rubygem-typeprof_0.15.2-173_amd64.deb
    sha:9b3a2fcf506ae655c6274c36193ef470f62499de
  • alt-ruby30-rubygems_3.2.33-173_amd64.deb
    sha:ee6c0ba238d9de2915051f43b98dd5dec439a626
  • alt-ruby30-rubygems-devel_3.2.33-173_amd64.deb
    sha:9113684b0bdc2a0aa0fc09914ccd009fbaa19e3a
  • alt-ruby30_3.0.7-173_arm64.deb
    sha:a2fafb4ad3c88a81d244dff310cf560f0bc84e7f
  • alt-ruby30-default-gems_3.0.7-173_arm64.deb
    sha:9a178c1d00aa5d5c26109d7dde88166b4d9dcd6d
  • alt-ruby30-devel_3.0.7-173_arm64.deb
    sha:b5b248bc6604d390bd9af367ccc4d57c5a45abe5
  • alt-ruby30-doc_3.0.7-173_arm64.deb
    sha:2689d02a1f51f2457293a70af6ee5cbbc7bf899e
  • alt-ruby30-libs_3.0.7-173_arm64.deb
    sha:5c80c81d572cad4e08469e35a18fbd2e15384d9f
  • alt-ruby30-rubygem-bigdecimal_3.0.0-173_arm64.deb
    sha:4b19d597ea7d80568e021b8305ee2bf781ee1e0c
  • alt-ruby30-rubygem-bundler_2.2.33-173_arm64.deb
    sha:a9903f3cb150e29266f7affb12f68d01743a6090
  • alt-ruby30-rubygem-io-console_0.5.7-173_arm64.deb
    sha:803779de1cefab88874fe1b380d63097f7f012e3
  • alt-ruby30-rubygem-irb_1.3.5-173_arm64.deb
    sha:6c6c9f7bbdfb3b8747c34f155b2d41d11a1ac770
  • alt-ruby30-rubygem-json_2.5.1-173_arm64.deb
    sha:69619cc838839e0e9d1cf7db57d3647f9215ad2f
  • alt-ruby30-rubygem-minitest_5.14.2-173_arm64.deb
    sha:75320693fa92ca6da81bc4af6052988ab062500c
  • alt-ruby30-rubygem-power-assert_1.2.1-173_arm64.deb
    sha:457e2c7b750c80e26d9ae0ae32bd530e574e98a9
  • alt-ruby30-rubygem-psych_3.3.2-173_arm64.deb
    sha:ae6bf0fd07c4e7525e9dcedb4fc56790b2e86037
  • alt-ruby30-rubygem-rake_13.0.3-173_arm64.deb
    sha:9e86eeac0b5e5d8b344b1ddd941fe84b1ba9d9a9
  • alt-ruby30-rubygem-rbs_1.4.0-173_arm64.deb
    sha:02f2d7dfccbc4a955e2538764721b05e34ec6152
  • alt-ruby30-rubygem-rdoc_6.3.4.1-173_arm64.deb
    sha:132aa019f816c4d7df7aff6f1316cf8400763c3d
  • alt-ruby30-rubygem-rexml_3.2.5-173_arm64.deb
    sha:eb485910f43c36d0cba2eafde26bcf79b43b7f2c
  • alt-ruby30-rubygem-rss_0.2.9-173_arm64.deb
    sha:4a150931ff3093ade805af48de9d994b7c1809cb
  • alt-ruby30-rubygem-test-unit_3.3.7-173_arm64.deb
    sha:b5609a682bb4b2f48c8a537376d1cf7321bdcb8a
  • alt-ruby30-rubygem-typeprof_0.15.2-173_arm64.deb
    sha:c5a1b946cd22bf9396f579f077ff7c97fe62e125
  • alt-ruby30-rubygems_3.2.33-173_arm64.deb
    sha:c033e11585c45763046af6840a2e14afe88e1796
  • alt-ruby30-rubygems-devel_3.2.33-173_arm64.deb
    sha:71bae820c901f1ca192bbdf01ac981ecdf48e745
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.