openSUSE Security Update: Security update for rubygem-rexml
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0129-1
Rating:             moderate
References:         #1224390 #1228072 #1228794 #1228799 #1229673 
                    #1232440 
Cross-References:   CVE-2024-35176 CVE-2024-39908 CVE-2024-41123
                    CVE-2024-41946 CVE-2024-43398 CVE-2024-49761
                   
CVSS scores:
                    CVE-2024-35176 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2024-39908 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2024-41123 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
                    CVE-2024-41946 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
                    CVE-2024-43398 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
                    CVE-2024-49761 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   rubygem-rexml was updated to 3.3.9:

   - fixes CVE-2024-49761, CVE-2024-43398, CVE-2024-41946, CVE-2024-41123,
     CVE-2024-39908, CVE-2024-35176
   - bsc#1232440, bsc#1229673, bsc#1228799, bsc#1228794, bsc#1228072,
     bsc#1224390

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2025-129=1

Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

      ruby2.5-rubygem-rexml-3.3.9-bp156.4.3.1
      ruby2.5-rubygem-rexml-doc-3.3.9-bp156.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2024-35176.html
   https://www.suse.com/security/cve/CVE-2024-39908.html
   https://www.suse.com/security/cve/CVE-2024-41123.html
   https://www.suse.com/security/cve/CVE-2024-41946.html
   https://www.suse.com/security/cve/CVE-2024-43398.html
   https://www.suse.com/security/cve/CVE-2024-49761.html
   https://bugzilla.suse.com/1224390
   https://bugzilla.suse.com/1228072
   https://bugzilla.suse.com/1228794
   https://bugzilla.suse.com/1228799
   https://bugzilla.suse.com/1229673
   https://bugzilla.suse.com/1232440