[ALSA-2019:1972] ruby:2.5 security update
Severity
Important
Affected Packages
13
CVEs
1
An update for the ruby:2.5 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- ALSA-2019:1972
- Severity
- important
- URL
- https://errata.almalinux.org/ALSA-2019:1972.html
- Published
-
2019-07-30T11:16:25
(5 years ago) - Modified
-
2019-07-30T15:56:05
(5 years ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
-
ALAS-2019-1255
-
ALAS2-2019-1249
-
ALPINE:CVE-2019-8324
-
DSA-4433-1
-
ELSA-2019-1235
-
ELSA-2019-1972
-
FEDORA-2019-a155364f3c
-
FEDORA-2019-feac6674b7
-
FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F
-
openSUSE-SU-2019:1771-1
-
RHSA-2019:1235
-
RHSA-2019:1972
-
RLSA-2019:1972
-
RUBYSEC:RUBYGEMS-UPDATE-2019-8324
-
SUSE-SU-2019:1804-1
-
SUSE-SU-2020:1570-1
-
USN-3945-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Self | ALSA-2019-1972 |
|
|
| CVE | CVE-2019-8324 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/almalinux/rubygem-pg?arch=x86_64&distro=almalinux-8.5 | almalinux |
 rubygem-pg
|
< 1.0.0-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-pg?arch=aarch64&distro=almalinux-8.5 | almalinux |
rubygem-pg
|
< 1.0.0-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | aarch64 | |
| Affected | pkg:rpm/almalinux/rubygem-pg-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-pg-doc
|
< 1.0.0-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=x86_64&distro=almalinux-8.5 | almalinux |
rubygem-mysql2
|
< 0.4.10-4.module_el8.5.0+2625+ec418553 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=aarch64&distro=almalinux-8.5 | almalinux |
rubygem-mysql2
|
< 0.4.10-4.module_el8.5.0+2625+ec418553 | almalinux-8.5 | aarch64 | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-mysql2-doc
|
< 0.4.10-4.module_el8.5.0+2625+ec418553 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mongo?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-mongo
|
< 2.5.1-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mongo-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-mongo-doc
|
< 2.5.1-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-bson?arch=x86_64&distro=almalinux-8.5 | almalinux |
rubygem-bson
|
< 4.3.0-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-bson?arch=aarch64&distro=almalinux-8.5 | almalinux |
rubygem-bson
|
< 4.3.0-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | aarch64 | |
| Affected | pkg:rpm/almalinux/rubygem-bson-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-bson-doc
|
< 4.3.0-2.module_el8.5.0+2625+ec418553 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-abrt?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-abrt
|
< 0.3.0-4.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-abrt-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-abrt-doc
|
< 0.3.0-4.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |