[ALAS2-2024-2503] Amazon Linux 2 2017.12 - ALAS2-2024-2503: important priority package update for ruby
Severity
Important
Affected Packages
34
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-33621:
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
- ID
- ALAS2-2024-2503
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2024-2503.html
- Published
-
2024-03-13T20:26:00
(5 months ago) - Modified
-
2024-03-13T20:26:00
(5 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALPINE:CVE-2021-33621
-
ALSA-2023:3821
-
ALSA-2023:7025
-
ALSA-2024:1431
-
ALSA-2024:1576
-
ALSA-2024:3500
-
ALSA-2024:3838
-
ELSA-2023-3821
-
ELSA-2023-7025
-
ELSA-2024-1431
-
ELSA-2024-1576
-
ELSA-2024-3500
-
ELSA-2024-3838
-
FEDORA-2022-b9b710f199
-
FEDORA-2022-ef96a58bbe
-
FEDORA-2022-f0f6c6bec2
-
FREEBSD:84AB03B6-6C20-11ED-B519-080027F5FEC9
-
GLSA-202401-27
-
RHSA-2023:3821
-
RHSA-2023:7025
-
RHSA-2024:1431
-
RHSA-2024:1576
-
RHSA-2024:3500
-
RHSA-2024:3838
-
RUBYSEC:CGI-2021-33621
-
SSA:2022-328-01
-
SUSE-SU-2023:4176-1
-
USN-5806-1
-
USN-5806-2
-
USN-5806-3
-
USN-6181-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2021-33621 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/rubygems?arch=noarch&distro=amazonlinux-2 | amazonlinux |
 rubygems
|
< 2.0.14.1-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygems-devel?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygems-devel
|
< 2.0.14.1-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-rdoc?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-rdoc
|
< 4.0.0-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-rake?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-rake
|
< 0.9.6-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-minitest?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-minitest
|
< 4.3.2-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-2 | amazonlinux |
ruby-irb
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby-doc?arch=noarch&distro=amazonlinux-2 | amazonlinux |
ruby-doc
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.8 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |