[ALSA-2021:2588] ruby:2.6 security, bug fix, and enhancement update
Severity
Moderate
Affected Packages
51
CVEs
9
An update for the ruby:2.6 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627)
Security Fix(es):
rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
ruby: Code injection via command argument of Shell#test / Shell#
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero almalinux-8
- ID
- ALSA-2021:2588
- Severity
- moderate
- URL
- https://errata.almalinux.org/ALSA-2021:2588.html
- Published
-
2021-06-29T13:58:40
(3 years ago) - Modified
-
2023-09-15T13:41:48
(12 months ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
-
ALAS-2020-1416
-
ALAS-2020-1422
-
ALAS-2020-1423
-
ALAS-2020-1426
-
ALAS-2020-1451
-
ALAS-2021-1468
-
ALAS-2021-1501
-
ALAS2-2021-1641
-
ALAS2-2024-2486
-
ALPINE:CVE-2019-15845
-
ALPINE:CVE-2019-16201
-
ALPINE:CVE-2019-16254
-
ALPINE:CVE-2019-16255
-
ALPINE:CVE-2020-10663
-
ALPINE:CVE-2020-10933
-
ALPINE:CVE-2020-25613
-
ALPINE:CVE-2021-28965
-
ALSA-2021:2584
-
ALSA-2021:2587
-
ASA-201910-2
-
ASA-202104-1
-
DSA-4586-1
-
DSA-4587-1
-
DSA-4721-1
-
DSA-5066-1
-
ELSA-2020-5724
-
ELSA-2021-2584
-
ELSA-2021-2587
-
ELSA-2021-2588
-
FEDORA-2020-02ca18c2a0
-
FEDORA-2020-26df92331a
-
FEDORA-2020-a95706b117
-
FEDORA-2020-d171bf636d
-
FEDORA-2020-fe2a7d7390
-
FEDORA-2021-0ea39d8eb3
-
FEDORA-2021-6385a09efc
-
FEDORA-2021-7b8b65bc7a
-
FREEBSD:40194E1C-6D89-11EA-8082-80EE73419AF3
-
FREEBSD:A2A2B34D-52B4-11EB-87CB-001B217B3468
-
FREEBSD:DEC7E4B6-961A-11EB-9C34-080027F515EA
-
FREEBSD:F7FCB75C-E537-11E9-863E-B9B7AF01BA9E
-
FREEBSD:FB6E53AE-9DF6-11EB-BA8C-001B217B3468
-
GLSA-202003-06
-
GLSA-202401-27
-
GLSA-202408-22
-
MS:CVE-2019-15845
-
MS:CVE-2019-16201
-
MS:CVE-2019-16254
-
MS:CVE-2019-16255
-
MS:CVE-2020-10933
-
MS:CVE-2020-25613
-
MS:CVE-2021-28965
-
openSUSE-SU-2020:0395-1
-
openSUSE-SU-2020:0586-1
-
openSUSE-SU-2020:0803-1
-
openSUSE-SU-2020:0861-1
-
openSUSE-SU-2021:0471-1
-
openSUSE-SU-2021:0607-1
-
RHSA-2020:2462
-
RHSA-2021:2584
-
RHSA-2021:2587
-
RHSA-2021:2588
-
RLSA-2021:2584
-
RLSA-2021:2587
-
RLSA-2021:2588
-
RUBYSEC:BUNDLER-2019-3881
-
RUBYSEC:JSON-2020-10663
-
RUBYSEC:PUMA-2020-5247
-
RUBYSEC:REXML-2021-28965
-
RUBYSEC:WEBRICK-2020-25613
-
SUSE-SU-2020:0737-1
-
SUSE-SU-2020:0995-1
-
SUSE-SU-2020:1570-1
-
SUSE-SU-2020:1582-1
-
SUSE-SU-2020:1582-2
-
SUSE-SU-2020:1901-1
-
SUSE-SU-2021:0933-1
-
SUSE-SU-2021:1280-1
-
SUSE-SU-2021:3837-1
-
USN-4201-1
-
USN-4870-1
-
USN-4882-1
-
USN-4922-1
-
USN-4922-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2019-15845 |
|
|
| CVE | CVE-2019-16201 |
|
|
| CVE | CVE-2019-16254 |
|
|
| CVE | CVE-2019-16255 |
|
|
| CVE | CVE-2019-3881 |
|
|
| CVE | CVE-2020-10663 |
|
|
| CVE | CVE-2020-10933 |
|
|
| CVE | CVE-2020-25613 |
|
|
| CVE | CVE-2021-28965 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/almalinux/rubygems?arch=noarch&distro=almalinux-8.4 | almalinux |
 rubygems
|
< 3.0.3.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygems-devel?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygems-devel
|
< 3.0.3.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-xmlrpc?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-xmlrpc
|
< 0.3.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-test-unit?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-test-unit
|
< 3.2.9-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-rdoc?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-rdoc
|
< 6.1.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-rake?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-rake
|
< 12.3.3-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-psych?arch=x86_64&distro=almalinux-8.4 | almalinux |
rubygem-psych
|
< 3.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-psych?arch=i686&distro=almalinux-8.4 | almalinux |
rubygem-psych
|
< 3.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
| Affected | pkg:rpm/almalinux/rubygem-power_assert?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-power_assert
|
< 1.1.3-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-pg?arch=x86_64&distro=almalinux-8.5 | almalinux |
rubygem-pg
|
< 1.1.4-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-pg?arch=x86_64&distro=almalinux-8.1 | almalinux |
rubygem-pg
|
< 1.1.4-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-pg?arch=aarch64&distro=almalinux-8.5 | almalinux |
rubygem-pg
|
< 1.1.4-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | aarch64 | |
| Affected | pkg:rpm/almalinux/rubygem-pg-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-pg-doc
|
< 1.1.4-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-pg-doc?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-pg-doc
|
< 1.1.4-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-openssl?arch=x86_64&distro=almalinux-8.4 | almalinux |
rubygem-openssl
|
< 2.1.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-openssl?arch=i686&distro=almalinux-8.4 | almalinux |
rubygem-openssl
|
< 2.1.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
| Affected | pkg:rpm/almalinux/rubygem-net-telnet?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-net-telnet
|
< 0.2.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=x86_64&distro=almalinux-8.5 | almalinux |
rubygem-mysql2
|
< 0.5.2-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=x86_64&distro=almalinux-8.1 | almalinux |
rubygem-mysql2
|
< 0.5.2-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2?arch=aarch64&distro=almalinux-8.5 | almalinux |
rubygem-mysql2
|
< 0.5.2-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | aarch64 | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-mysql2-doc
|
< 0.5.2-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mysql2-doc?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-mysql2-doc
|
< 0.5.2-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mongo?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-mongo
|
< 2.8.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mongo?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-mongo
|
< 2.8.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mongo-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-mongo-doc
|
< 2.8.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-mongo-doc?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-mongo-doc
|
< 2.8.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-minitest?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-minitest
|
< 5.11.3-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-json?arch=x86_64&distro=almalinux-8.4 | almalinux |
rubygem-json
|
< 2.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-json?arch=i686&distro=almalinux-8.4 | almalinux |
rubygem-json
|
< 2.1.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
| Affected | pkg:rpm/almalinux/rubygem-irb?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-irb
|
< 1.0.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-io-console?arch=x86_64&distro=almalinux-8.4 | almalinux |
rubygem-io-console
|
< 0.4.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-io-console?arch=i686&distro=almalinux-8.4 | almalinux |
rubygem-io-console
|
< 0.4.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
| Affected | pkg:rpm/almalinux/rubygem-did_you_mean?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-did_you_mean
|
< 1.3.0-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-bundler?arch=noarch&distro=almalinux-8.4 | almalinux |
rubygem-bundler
|
< 1.17.2-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-bson?arch=x86_64&distro=almalinux-8.5 | almalinux |
rubygem-bson
|
< 4.5.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-bson?arch=x86_64&distro=almalinux-8.1 | almalinux |
rubygem-bson
|
< 4.5.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-bson?arch=aarch64&distro=almalinux-8.5 | almalinux |
rubygem-bson
|
< 4.5.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | aarch64 | |
| Affected | pkg:rpm/almalinux/rubygem-bson-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-bson-doc
|
< 4.5.0-1.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-bson-doc?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-bson-doc
|
< 4.5.0-1.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-bigdecimal?arch=x86_64&distro=almalinux-8.4 | almalinux |
rubygem-bigdecimal
|
< 1.4.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/rubygem-bigdecimal?arch=i686&distro=almalinux-8.4 | almalinux |
rubygem-bigdecimal
|
< 1.4.1-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
| Affected | pkg:rpm/almalinux/rubygem-abrt?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-abrt
|
< 0.3.0-4.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-abrt?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-abrt
|
< 0.3.0-4.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-abrt-doc?arch=noarch&distro=almalinux-8.5 | almalinux |
rubygem-abrt-doc
|
< 0.3.0-4.module_el8.5.0+2623+08a8ba32 | almalinux-8.5 | noarch | |
| Affected | pkg:rpm/almalinux/rubygem-abrt-doc?arch=noarch&distro=almalinux-8.1 | almalinux |
rubygem-abrt-doc
|
< 0.3.0-4.module_el8.1.0+6018+ce4da579 | almalinux-8.1 | noarch | |
| Affected | pkg:rpm/almalinux/ruby?arch=x86_64&distro=almalinux-8.4 | almalinux |
ruby
|
< 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/ruby-libs?arch=x86_64&distro=almalinux-8.4 | almalinux |
ruby-libs
|
< 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/ruby-libs?arch=i686&distro=almalinux-8.4 | almalinux |
ruby-libs
|
< 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 | |
| Affected | pkg:rpm/almalinux/ruby-doc?arch=noarch&distro=almalinux-8.4 | almalinux |
ruby-doc
|
< 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | noarch | |
| Affected | pkg:rpm/almalinux/ruby-devel?arch=x86_64&distro=almalinux-8.4 | almalinux |
ruby-devel
|
< 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | x86_64 | |
| Affected | pkg:rpm/almalinux/ruby-devel?arch=i686&distro=almalinux-8.4 | almalinux |
ruby-devel
|
< 2.6.7-107.module_el8.4.0+2507+bbd85cce | almalinux-8.4 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |