[FEDORA-2017-81cf93b7c2] Fedora 27: rubygems
Severity: Critical
Affected Packages: 1
CVEs: 4
Update to RubyGems 2.6.13.
Package | Affected Version |
---|---|
pkg:rpm/fedora/rubygems?distro=fedora-27 | < 2.6.13.100.fc27 |
- ID: FEDORA-2017-81cf93b7c2
- Severity: critical
- Severity from: CVE-2017-0899
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2017-81cf93b7c2
- Published: 2017-09-30T07:26:40
- Modified: 2017-09-30T07:26:40
- Rights: Copyright 2017 Red Hat, Inc.
- Other Advisories:
  - ALAS-2017-906
  - ALAS-2017-915
  - ALPINE:CVE-2017-0899
  - ALPINE:CVE-2017-0900
  - ALPINE:CVE-2017-0901
  - ALPINE:CVE-2017-0902
  - DSA-3966-1
  - ELSA-2018-0378
  - FEDORA-2017-20214ad330
  - FEDORA-2017-e136d63c99
  - GLSA-201710-01
  - RHSA-2018:0378
  - RUBYSEC:RUBYGEMS-UPDATE-2017-0899
  - RUBYSEC:RUBYGEMS-UPDATE-2017-0900
  - RUBYSEC:RUBYGEMS-UPDATE-2017-0901
  - RUBYSEC:RUBYGEMS-UPDATE-2017-0902
  - SSA:2017-261-03
  - SUSE-SU-2020:1570-1
  - USN-3439-1
  - USN-3553-1
  - USN-3685-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1487590 | Bug #1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec | https://bugzilla.redhat.com/show_bug.cgi?id=1487590 |
Bugzilla | 1487587 | Bug #1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name | https://bugzilla.redhat.com/show_bug.cgi?id=1487587 |
Bugzilla | 1487589 | Bug #1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability | https://bugzilla.redhat.com/show_bug.cgi?id=1487589 |
Bugzilla | 1487588 | Bug #1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec | https://bugzilla.redhat.com/show_bug.cgi?id=1487588 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/rubygems?distro=fedora-27 | fedora | rubygems | < 2.6.13.100.fc27 | fedora-27 | | |