[ALAS2-2024-2534] Amazon Linux 2 2017.12 - ALAS2-2024-2534: medium priority package update for ruby
Severity: Medium
Affected Packages: 34
CVEs: 1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-31810:
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
- ID: ALAS2-2024-2534
- Severity: medium
- URL: https://alas.aws.amazon.com/AL2/ALAS-2024-2534.html
- Published: 2024-04-24T22:15:00 (4 months ago)
- Modified: 2024-04-24T22:15:00 (4 months ago)
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALPINE:CVE-2021-31810
- ALSA-2021:3020
- ALSA-2022:0543
- ALSA-2022:0672
- ASA-202107-23
- ASA-202107-24
- DSA-5066-1
- ELSA-2021-3020
- ELSA-2022-0543
- ELSA-2022-0672
- FEDORA-2021-36cdab1f8d
- FREEBSD:7ED5779C-E4C7-11EB-91D7-08002728F74C
- GLSA-202401-27
- openSUSE-SU-2021:1535-1
- openSUSE-SU-2021:3838-1
- RHSA-2021:3020
- RHSA-2022:0543
- RHSA-2022:0672
- RLSA-2021:3020
- RLSA-2022:0543
- RLSA-2022:0672
- SUSE-SU-2021:3837-1
- SUSE-SU-2021:3838-1
- SUSE-SU-2022:1512-1
- USN-5020-1
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2021-31810 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/rubygems?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygems | < 2.0.14.1-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygems-devel?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygems-devel | < 2.0.14.1-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-rdoc?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygem-rdoc | < 4.0.0-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-rake?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygem-rake | < 0.9.6-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-psych | < 2.0.0-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-psych | < 2.0.0-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-psych | < 2.0.0-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/rubygem-minitest?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygem-minitest | < 4.3.2-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-json?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-json | < 1.7.7-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-json?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-json | < 1.7.7-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-json?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-json | < 1.7.7-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-io-console | < 0.4.2-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-io-console | < 0.4.2-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-io-console | < 0.4.2-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-bigdecimal | < 1.2.0-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-bigdecimal | < 1.2.0-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-bigdecimal | < 1.2.0-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-tcltk | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-tcltk | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-tcltk | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-libs | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-libs | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-libs | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-2 | amazonlinux | ruby-irb | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/ruby-doc?arch=noarch&distro=amazonlinux-2 | amazonlinux | ruby-doc | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-devel | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-devel | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-devel | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-debuginfo | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-debuginfo | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-debuginfo | < 2.0.0.648-36.amzn2.0.9 | amazonlinux-2 | aarch64 | |