[ALSA-2021:2588] ruby:2.6 security, bug fix, and enhancement update
An update for the ruby:2.6 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627)
Security Fix(es):
rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
ruby: Code injection via command argument of Shell#test / Shell#
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero almalinux-8
- ID
- ALSA-2021:2588
- Severity
- moderate
- URL
- https://errata.almalinux.org/ALSA-2021:2588.html
- Published
-
2021-06-29T13:58:40
(3 years ago) - Modified
-
2023-09-15T13:41:48
(12 months ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
- ALAS-2020-1416
- ALAS-2020-1422
- ALAS-2020-1423
- ALAS-2020-1426
- ALAS-2020-1451
- ALAS-2021-1468
- ALAS-2021-1501
- ALAS2-2021-1641
- ALAS2-2024-2486
- ALPINE:CVE-2019-15845
- ALPINE:CVE-2019-16201
- ALPINE:CVE-2019-16254
- ALPINE:CVE-2019-16255
- ALPINE:CVE-2020-10663
- ALPINE:CVE-2020-10933
- ALPINE:CVE-2020-25613
- ALPINE:CVE-2021-28965
- ALSA-2021:2584
- ALSA-2021:2587
- ASA-201910-2
- ASA-202104-1
- DSA-4586-1
- DSA-4587-1
- DSA-4721-1
- DSA-5066-1
- ELSA-2020-5724
- ELSA-2021-2584
- ELSA-2021-2587
- ELSA-2021-2588
- FEDORA-2020-02ca18c2a0
- FEDORA-2020-26df92331a
- FEDORA-2020-a95706b117
- FEDORA-2020-d171bf636d
- FEDORA-2020-fe2a7d7390
- FEDORA-2021-0ea39d8eb3
- FEDORA-2021-6385a09efc
- FEDORA-2021-7b8b65bc7a
- FREEBSD:40194E1C-6D89-11EA-8082-80EE73419AF3
- FREEBSD:A2A2B34D-52B4-11EB-87CB-001B217B3468
- FREEBSD:DEC7E4B6-961A-11EB-9C34-080027F515EA
- FREEBSD:F7FCB75C-E537-11E9-863E-B9B7AF01BA9E
- FREEBSD:FB6E53AE-9DF6-11EB-BA8C-001B217B3468
- GLSA-202003-06
- GLSA-202401-27
- GLSA-202408-22
- MS:CVE-2019-15845
- MS:CVE-2019-16201
- MS:CVE-2019-16254
- MS:CVE-2019-16255
- MS:CVE-2020-10933
- MS:CVE-2020-25613
- MS:CVE-2021-28965
- openSUSE-SU-2020:0395-1
- openSUSE-SU-2020:0586-1
- openSUSE-SU-2020:0803-1
- openSUSE-SU-2020:0861-1
- openSUSE-SU-2021:0471-1
- openSUSE-SU-2021:0607-1
- RHSA-2020:2462
- RHSA-2021:2584
- RHSA-2021:2587
- RHSA-2021:2588
- RLSA-2021:2584
- RLSA-2021:2587
- RLSA-2021:2588
- RUBYSEC:BUNDLER-2019-3881
- RUBYSEC:JSON-2020-10663
- RUBYSEC:PUMA-2020-5247
- RUBYSEC:REXML-2021-28965
- RUBYSEC:WEBRICK-2020-25613
- SUSE-SU-2020:0737-1
- SUSE-SU-2020:0995-1
- SUSE-SU-2020:1570-1
- SUSE-SU-2020:1582-1
- SUSE-SU-2020:1582-2
- SUSE-SU-2020:1901-1
- SUSE-SU-2021:0933-1
- SUSE-SU-2021:1280-1
- SUSE-SU-2021:3837-1
- USN-4201-1
- USN-4870-1
- USN-4882-1
- USN-4922-1
- USN-4922-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2019-15845 | https://vulners.com/cve/CVE-2019-15845 | |
CVE | CVE-2019-16201 | https://vulners.com/cve/CVE-2019-16201 | |
CVE | CVE-2019-16254 | https://vulners.com/cve/CVE-2019-16254 | |
CVE | CVE-2019-16255 | https://vulners.com/cve/CVE-2019-16255 | |
CVE | CVE-2019-3881 | https://vulners.com/cve/CVE-2019-3881 | |
CVE | CVE-2020-10663 | https://vulners.com/cve/CVE-2020-10663 | |
CVE | CVE-2020-10933 | https://vulners.com/cve/CVE-2020-10933 | |
CVE | CVE-2020-25613 | https://vulners.com/cve/CVE-2020-25613 | |
CVE | CVE-2021-28965 | https://vulners.com/cve/CVE-2021-28965 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/rubygems?arch=noarch&distro=almalinux-8.4 | almalinux | rubygems | < 3.0.3.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygems-devel?arch=noarch&distro=almalinux-8.4 | almalinux | rubygems-devel | < 3.0.3.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-xmlrpc?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-xmlrpc | < 0.3.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-test-unit?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-test-unit | < 3.2.9-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-rdoc?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-rdoc | < 6.1.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-rake?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-rake | < 12.3.3-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-psych?arch=x86_64&distro=almalinux-8.4 | almalinux | rubygem-psych | < 3.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-psych?arch=i686&distro=almalinux-8.4 | almalinux | rubygem-psych | < 3.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
Affected | pkg:rpm/almalinux/rubygem-power_assert?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-power_assert | < 1.1.3-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-pg?arch=x86_64&distro=almalinux-8.5 | almalinux | rubygem-pg | < 1.1.4-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-pg?arch=x86_64&distro=almalinux-8.1 | almalinux | rubygem-pg | < 1.1.4-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-pg?arch=aarch64&distro=almalinux-8.5 | almalinux | rubygem-pg | < 1.1.4-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | aarch64 | |
Affected | pkg:rpm/almalinux/rubygem-pg-doc?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-pg-doc | < 1.1.4-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-pg-doc?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-pg-doc | < 1.1.4-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-openssl?arch=x86_64&distro=almalinux-8.4 | almalinux | rubygem-openssl | < 2.1.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-openssl?arch=i686&distro=almalinux-8.4 | almalinux | rubygem-openssl | < 2.1.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
Affected | pkg:rpm/almalinux/rubygem-net-telnet?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-net-telnet | < 0.2.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=x86_64&distro=almalinux-8.5 | almalinux | rubygem-mysql2 | < 0.5.2-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=x86_64&distro=almalinux-8.1 | almalinux | rubygem-mysql2 | < 0.5.2-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=aarch64&distro=almalinux-8.5 | almalinux | rubygem-mysql2 | < 0.5.2-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | aarch64 | |
Affected | pkg:rpm/almalinux/rubygem-mysql2-doc?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-mysql2-doc | < 0.5.2-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-mysql2-doc?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-mysql2-doc | < 0.5.2-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-mongo?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-mongo | < 2.8.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-mongo?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-mongo | < 2.8.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-mongo-doc?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-mongo-doc | < 2.8.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-mongo-doc?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-mongo-doc | < 2.8.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-minitest?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-minitest | < 5.11.3-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-json?arch=x86_64&distro=almalinux-8.4 | almalinux | rubygem-json | < 2.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-json?arch=i686&distro=almalinux-8.4 | almalinux | rubygem-json | < 2.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
Affected | pkg:rpm/almalinux/rubygem-irb?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-irb | < 1.0.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-io-console?arch=x86_64&distro=almalinux-8.4 | almalinux | rubygem-io-console | < 0.4.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-io-console?arch=i686&distro=almalinux-8.4 | almalinux | rubygem-io-console | < 0.4.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
Affected | pkg:rpm/almalinux/rubygem-did_you_mean?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-did_you_mean | < 1.3.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-bundler?arch=noarch&distro=almalinux-8.4 | almalinux | rubygem-bundler | < 1.17.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-bson?arch=x86_64&distro=almalinux-8.5 | almalinux | rubygem-bson | < 4.5.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-bson?arch=x86_64&distro=almalinux-8.1 | almalinux | rubygem-bson | < 4.5.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-bson?arch=aarch64&distro=almalinux-8.5 | almalinux | rubygem-bson | < 4.5.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | aarch64 | |
Affected | pkg:rpm/almalinux/rubygem-bson-doc?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-bson-doc | < 4.5.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-bson-doc?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-bson-doc | < 4.5.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-bigdecimal?arch=x86_64&distro=almalinux-8.4 | almalinux | rubygem-bigdecimal | < 1.4.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/rubygem-bigdecimal?arch=i686&distro=almalinux-8.4 | almalinux | rubygem-bigdecimal | < 1.4.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
Affected | pkg:rpm/almalinux/rubygem-abrt?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-abrt | < 0.3.0-4.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-abrt?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-abrt | < 0.3.0-4.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-abrt-doc?arch=noarch&distro=almalinux-8.5 | almalinux | rubygem-abrt-doc | < 0.3.0-4.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
Affected | pkg:rpm/almalinux/rubygem-abrt-doc?arch=noarch&distro=almalinux-8.1 | almalinux | rubygem-abrt-doc | < 0.3.0-4.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
Affected | pkg:rpm/almalinux/ruby?arch=x86_64&distro=almalinux-8.4 | almalinux | ruby | < 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/ruby-libs?arch=x86_64&distro=almalinux-8.4 | almalinux | ruby-libs | < 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/ruby-libs?arch=i686&distro=almalinux-8.4 | almalinux | ruby-libs | < 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
Affected | pkg:rpm/almalinux/ruby-doc?arch=noarch&distro=almalinux-8.4 | almalinux | ruby-doc | < 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
Affected | pkg:rpm/almalinux/ruby-devel?arch=x86_64&distro=almalinux-8.4 | almalinux | ruby-devel | < 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
Affected | pkg:rpm/almalinux/ruby-devel?arch=i686&distro=almalinux-8.4 | almalinux | ruby-devel | < 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |