[ELSA-2018-0378] ruby security update
[2.0.0.648-33]
- Fix always passing WEBrick test.
[2.0.0.648-32]
- Add Psych.safe_load
* ruby-2.1.0-there-should-be-only-one-exception.patch
* ruby-2.1.0-Adding-Psych.safe_load.patch
Related: CVE-2017-0903
- Disable Tokyo TZ tests broken by recen tzdata update.
* ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
Related: CVE-2017-0903
[2.0.0.648-31]
- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
* ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization
-vulnerability.patch
Resolves: CVE-2017-0903
- Fix an ANSI escape sequence vulnerability (CVE-2017-0899).
Resolves: CVE-2017-0899
- Fix a DOS vulernerability in the query command (CVE-2017-0900).
Resolves: CVE-2017-0900
- Fix a vulnerability in the gem installer that allowed a malicious gem
to overwrite arbitrary files (CVE-2017-0901).
Resolves: CVE-2017-0901
- Fix a DNS request hijacking vulnerability (CVE-2017-0902).
* ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
Resolves: CVE-2017-0902
- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898).
* ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
Resolves: CVE-2017-0898
- Escape sequence injection vulnerability in the Basic
authentication of WEBrick (CVE-2017-10784).
* ruby-2.2.8-sanitize-any-type-of-logs.patch
Resolves: CVE-2017-10784
- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
* ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch
Resolves: CVE-2017-14064
- Command injection vulnerability in Net::FTP (CVE-2017-17405).
* ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch
Resolves: CVE-2017-17405
- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033).
* ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
Resolves: CVE-2017-14033
- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
execution(CVE-2017-17790).
* ruby-2.5.0-Fixed-command-Injection.patch
Resolves: CVE-2017-17790
- ID
- ELSA-2018-0378
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2018-0378.html
- Published
-
2018-02-28T00:00:00
(6 years ago) - Modified
-
2018-02-28T00:00:00
(6 years ago) - Rights
- Copyright 2018 Oracle, Inc.
- Other Advisories
-
-
ALAS-2017-906
-
ALAS-2017-915
-
ALAS-2018-978
-
ALAS-2018-983
-
ALAS2-2018-983
-
ALPINE:CVE-2017-0898
-
ALPINE:CVE-2017-0899
-
ALPINE:CVE-2017-0900
-
ALPINE:CVE-2017-0901
-
ALPINE:CVE-2017-0902
-
ALPINE:CVE-2017-10784
-
ALPINE:CVE-2017-14033
-
ALPINE:CVE-2017-14064
-
ALPINE:CVE-2017-17405
-
DSA-3966-1
-
DSA-4031-1
-
DSA-4259-1
-
FEDORA-2017-20214ad330
-
FEDORA-2017-4166994614
-
FEDORA-2017-6e6f4f95e6
-
FEDORA-2017-81cf93b7c2
-
FEDORA-2017-e136d63c99
-
FEDORA-2018-0db545e976
-
FEDORA-2018-1fffa787e7
-
FEDORA-2018-40ed78700c
-
FEDORA-2018-75e780a7c2
-
FREEBSD:2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206
-
FREEBSD:95B01379-9D52-11E7-A25C-471BAFC3262F
-
FREEBSD:DD644964-E10E-11E7-8097-0800271D4B9C
-
GLSA-201710-01
-
GLSA-201710-18
-
GLSA-201802-05
-
RHSA-2018:0378
-
RUBYSEC:OPENSSL-2017-14033
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0899
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0900
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0901
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0902
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0903
-
RUBYSEC:WEBRICK-2017-10784
-
SSA:2017-261-03
-
SSA:2017-353-01
-
SUSE-SU-2020:1570-1
-
USN-3439-1
-
USN-3515-1
-
USN-3528-1
-
USN-3553-1
-
USN-3685-1
-
USN-3685-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2018-0378 |
|
|
| CVE | CVE-2017-0898 |
|
|
| CVE | CVE-2017-0899 |
|
|
| CVE | CVE-2017-10784 |
|
|
| CVE | CVE-2017-0900 |
|
|
| CVE | CVE-2017-0901 |
|
|
| CVE | CVE-2017-0902 |
|
|
| CVE | CVE-2017-0903 |
|
|
| CVE | CVE-2017-14033 |
|
|
| CVE | CVE-2017-14064 |
|
|
| CVE | CVE-2017-17405 |
|
|
| CVE | CVE-2017-17790 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rubygems?distro=oraclelinux-7.4 | oraclelinux |
 rubygems
|
< 2.0.14.1-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygems-devel?distro=oraclelinux-7.4 | oraclelinux |
rubygems-devel
|
< 2.0.14.1-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-rdoc?distro=oraclelinux-7.4 | oraclelinux |
rubygem-rdoc
|
< 4.0.0-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-rake?distro=oraclelinux-7.4 | oraclelinux |
rubygem-rake
|
< 0.9.6-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-psych?distro=oraclelinux-7.4 | oraclelinux |
rubygem-psych
|
< 2.0.0-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-minitest?distro=oraclelinux-7.4 | oraclelinux |
rubygem-minitest
|
< 4.3.2-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-json?distro=oraclelinux-7.4 | oraclelinux |
rubygem-json
|
< 1.7.7-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-io-console?distro=oraclelinux-7.4 | oraclelinux |
rubygem-io-console
|
< 0.4.2-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bigdecimal?distro=oraclelinux-7.4 | oraclelinux |
rubygem-bigdecimal
|
< 1.2.0-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/ruby?distro=oraclelinux-7.4 | oraclelinux |
ruby
|
< 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/ruby-tcltk?distro=oraclelinux-7.4 | oraclelinux |
ruby-tcltk
|
< 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/ruby-libs?distro=oraclelinux-7.4 | oraclelinux |
ruby-libs
|
< 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/ruby-irb?distro=oraclelinux-7.4 | oraclelinux |
ruby-irb
|
< 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/ruby-doc?distro=oraclelinux-7.4 | oraclelinux |
ruby-doc
|
< 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
| Affected | pkg:rpm/oraclelinux/ruby-devel?distro=oraclelinux-7.4 | oraclelinux |
ruby-devel
|
< 2.0.0.648-33.el7_4 | oraclelinux-7.4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |