[ELSA-2018-0378] ruby security update
[2.0.0.648-33]
- Fix always passing WEBrick test.
[2.0.0.648-32]
- Add Psych.safe_load
* ruby-2.1.0-there-should-be-only-one-exception.patch
* ruby-2.1.0-Adding-Psych.safe_load.patch
Related: CVE-2017-0903
- Disable Tokyo TZ tests broken by recent tzdata update.
* ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
Related: CVE-2017-0903
[2.0.0.648-31]
- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
* ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch
Resolves: CVE-2017-0903
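The two entries above (the Psych.safe_load backport and the RubyGems deserialization fix) describe the same mechanism: YAML documents with `!ruby/object:` tags make the unsafe loader allocate arbitrary classes, and safe_load restricts revival to plain scalars, collections and an explicit allow-list. The following is an added example written for this page, not Oracle's or Ruby's own code; the `Tracker` class and the three YAML documents are constructed for illustration.

```ruby
require "psych"

# Constructed stand-in for a class an attacker would want the YAML loader
# to revive (RubyGems' real case involved objects inside gem metadata).
class Tracker
  attr_reader :built
end

# Constructed attacker-controlled document: the !ruby/object tag asks the
# loader to allocate a Tracker and set its instance variables.
HOSTILE_SPEC = <<~YAML
  --- !ruby/object:Tracker
  built: attacker-controlled
YAML

# Constructed benign document of the kind safe_load is meant to accept.
PLAIN_SPEC = <<~YAML
  name: example
  version: 1.2.3
YAML

# Constructed document with an anchor/alias; safe_load rejects aliases
# unless told otherwise, because alias expansion can be used to blow up memory.
ALIASED_SPEC = <<~YAML
  a: &x [1, 2]
  b: *x
YAML

# The pre-fix behaviour: any tagged object is instantiated.
# Psych 4 (Ruby 3.1+) made Psych.load safe and moved the old behaviour to
# Psych.unsafe_load; on older Psych, Psych.load itself is the unsafe call.
def unsafe_load(doc)
  Psych.respond_to?(:unsafe_load) ? Psych.unsafe_load(doc) : Psych.load(doc)
end

# The fixed behaviour: only core types plus an explicit allow-list are revived.
# Returns [:ok, value] or [:rejected, reason].
def load_spec(doc, permitted: [], aliases: false)
  value = Psych.safe_load(doc, permitted_classes: permitted, aliases: aliases)
  [:ok, value]
rescue Psych::DisallowedClass => e   # "Tried to load unspecified class: Tracker"
  [:rejected, e.message]
rescue Psych::BadAlias => e          # raised when aliases: false meets an alias
  [:rejected, e.message]
end

if __FILE__ == $0
  obj = unsafe_load(HOSTILE_SPEC)
  puts "unsafe loader built a #{obj.class} with built=#{obj.built.inspect}"
  p load_spec(HOSTILE_SPEC)                       # [:rejected, "Tried to load ..."]
  p load_spec(HOSTILE_SPEC, permitted: [Tracker]) # allowed only when listed
  p load_spec(PLAIN_SPEC)
  p load_spec(ALIASED_SPEC)
  p load_spec(ALIASED_SPEC, aliases: true)
end
```

The allow-list is the part to get right when porting this to gem metadata: list exactly the classes a legitimate document needs and nothing that can run code on revival. The `permitted_classes:` keyword requires Psych 3.1 or later; the 2.0-era backport in this erratum used the older positional argument.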
- Fix an ANSI escape sequence vulnerability (CVE-2017-0899).
Resolves: CVE-2017-0899
- Fix a DoS vulnerability in the query command (CVE-2017-0900).
Resolves: CVE-2017-0900
- Fix a vulnerability in the gem installer that allowed a malicious gem
to overwrite arbitrary files (CVE-2017-0901).
Resolves: CVE-2017-0901
- Fix a DNS request hijacking vulnerability (CVE-2017-0902).
* ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
Resolves: CVE-2017-0902
- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898).
* ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
Resolves: CVE-2017-0898
- Escape sequence injection vulnerability in the Basic
authentication of WEBrick (CVE-2017-10784).
* ruby-2.2.8-sanitize-any-type-of-logs.patch
Resolves: CVE-2017-10784
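CVE-2017-0899 and CVE-2017-10784 are both escape-sequence injection: attacker-controlled text (a gem specification field, or the user name in an HTTP Basic Authorization header) is written to a terminal or a log without neutralising control characters, so it can clear the screen or forge extra log lines. The block below is an added example, not WEBrick's or RubyGems' code; the header value and user name are constructed, and the sanitiser renders every control character and backslash as its Ruby escape so that each log entry stays a single printable line.

```ruby
# Constructed Authorization header: user name "admin" followed by ANSI
# sequences that clear a terminal and move the cursor home, then a CR/LF
# pair that would start a forged second log line.
HOSTILE_USER = "admin\e[2J\e[H\r\n127.0.0.1 - root [forged]"
HOSTILE_HEADER = "Basic " + ["#{HOSTILE_USER}:secret"].pack("m0")

# Decode the user name from an HTTP Basic Authorization header value
# (Base64 via Array#pack / String#unpack1, so no extra library is needed).
def basic_user(header)
  return nil unless header&.start_with?("Basic ")
  decoded = header.sub("Basic ", "").unpack1("m")
  decoded.split(":", 2).first
end

# Neutralise every control character (C0, DEL and the C1 range, which
# covers ESC and the 8-bit CSI) plus the backslash itself, rendering each as
# its Ruby escape (\e, \r, \n, \u009B ...). The result never contains a
# control character, so nothing in it can be interpreted by a terminal.
def sanitize_for_log(text)
  text.gsub(/[[:cntrl:]\\]/) { |c| c.dump[1...-1] }
end

# Build an access-log entry. sanitize: false reproduces the vulnerable
# pattern of interpolating raw request data.
def access_log_line(user, path, sanitize: true)
  user = sanitize_for_log(user) if sanitize
  path = sanitize_for_log(path) if sanitize
  "#{user} \"GET #{path}\" 401"
end

if __FILE__ == $0
  user = basic_user(HOSTILE_HEADER)
  puts access_log_line(user, "/admin")                  # one printable line
  puts access_log_line(user, "/admin", sanitize: false).inspect
end
```

The same `sanitize_for_log` applies to gem metadata echoed by `gem` commands: escaping is done at the output boundary, once, rather than by trying to enumerate dangerous sequences.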
- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
* ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch
Resolves: CVE-2017-14064
- Command injection vulnerability in Net::FTP (CVE-2017-17405).
* ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch
Resolves: CVE-2017-17405
- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033).
* ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
Resolves: CVE-2017-14033
- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
execution (CVE-2017-17790).
* ruby-2.5.0-Fixed-command-Injection.patch
Resolves: CVE-2017-17790
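The Net::FTP fix (CVE-2017-17405) and the resolv.rb fix (CVE-2017-17790) are both command injection in library code that opens a caller-supplied path. For Net::FTP the mechanism is Kernel#open: a local file name beginning with `|` is treated as a command to spawn rather than a file to open, so a hostile server-suggested file name runs a process on the client. The block below is an added example, not the code of either library, and does not reproduce their exact call sites; it contrasts the vulnerable call with the `File.open` replacement and adds a check for code that cannot avoid Kernel#open.

```ruby
require "tmpdir"

# Pre-fix pattern: a caller-supplied local file name reaches Kernel#open.
# Kernel#open treats a leading "|" as "spawn this command and hand me its
# pipe", so "|id" runs id instead of opening a file literally named "|id".
def read_local_vulnerable(localfile)
  open(localfile) { |io| io.read }
end

# Hardened pattern, as the fix does: File.open only ever opens files, so the
# same string is looked up literally (and for "|echo ..." raises Errno::ENOENT).
def read_local_hardened(localfile)
  File.open(localfile) { |io| io.read }
end

# Belt-and-braces check for call sites that must keep using Kernel#open:
# Kernel#open looks only at the first byte, so this is the exact condition.
def pipe_injection?(localfile)
  localfile.start_with?("|")
end

if __FILE__ == $0
  puts read_local_vulnerable("|echo injected")   # "injected": echo ran
  begin
    read_local_hardened("|echo injected")
  rescue Errno::ENOENT => e
    puts "hardened: #{e.class}"                 # no such file, nothing spawned
  end
  Dir.mktmpdir do |dir|
    path = File.join(dir, "report.bin")         # constructed sample download
    File.binwrite(path, "data")
    puts read_local_hardened(path)
  end
end
```

When auditing a code base for this class of bug, search for bare `open(` calls whose first argument is not a literal; `File.open`, `File.read` and `File.binwrite` are the drop-in replacements when the argument is meant to be a path.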
- ID: ELSA-2018-0378
- Severity: important
- URL: https://linux.oracle.com/errata/ELSA-2018-0378.html
- Published: 2018-02-28T00:00:00
- Modified: 2018-02-28T00:00:00
- Rights: Copyright 2018 Oracle, Inc.
- Other Advisories:
- ALAS-2017-906
- ALAS-2017-915
- ALAS-2018-978
- ALAS-2018-983
- ALAS2-2018-983
- ALPINE:CVE-2017-0898
- ALPINE:CVE-2017-0899
- ALPINE:CVE-2017-0900
- ALPINE:CVE-2017-0901
- ALPINE:CVE-2017-0902
- ALPINE:CVE-2017-10784
- ALPINE:CVE-2017-14033
- ALPINE:CVE-2017-14064
- ALPINE:CVE-2017-17405
- DSA-3966-1
- DSA-4031-1
- DSA-4259-1
- FEDORA-2017-20214ad330
- FEDORA-2017-4166994614
- FEDORA-2017-6e6f4f95e6
- FEDORA-2017-81cf93b7c2
- FEDORA-2017-e136d63c99
- FEDORA-2018-0db545e976
- FEDORA-2018-1fffa787e7
- FEDORA-2018-40ed78700c
- FEDORA-2018-75e780a7c2
- FREEBSD:2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206
- FREEBSD:95B01379-9D52-11E7-A25C-471BAFC3262F
- FREEBSD:DD644964-E10E-11E7-8097-0800271D4B9C
- GLSA-201710-01
- GLSA-201710-18
- GLSA-201802-05
- RHSA-2018:0378
- RUBYSEC:OPENSSL-2017-14033
- RUBYSEC:RUBYGEMS-UPDATE-2017-0899
- RUBYSEC:RUBYGEMS-UPDATE-2017-0900
- RUBYSEC:RUBYGEMS-UPDATE-2017-0901
- RUBYSEC:RUBYGEMS-UPDATE-2017-0902
- RUBYSEC:RUBYGEMS-UPDATE-2017-0903
- RUBYSEC:WEBRICK-2017-10784
- SSA:2017-261-03
- SSA:2017-353-01
- SUSE-SU-2020:1570-1
- USN-3439-1
- USN-3515-1
- USN-3528-1
- USN-3553-1
- USN-3685-1
- USN-3685-2
Source | ID | URL |
---|---|---|
elsa | ELSA-2018-0378 | http://linux.oracle.com/errata/ELSA-2018-0378.html |
CVE | CVE-2017-0898 | http://linux.oracle.com/cve/CVE-2017-0898.html |
CVE | CVE-2017-0899 | http://linux.oracle.com/cve/CVE-2017-0899.html |
CVE | CVE-2017-10784 | http://linux.oracle.com/cve/CVE-2017-10784.html |
CVE | CVE-2017-0900 | http://linux.oracle.com/cve/CVE-2017-0900.html |
CVE | CVE-2017-0901 | http://linux.oracle.com/cve/CVE-2017-0901.html |
CVE | CVE-2017-0902 | http://linux.oracle.com/cve/CVE-2017-0902.html |
CVE | CVE-2017-0903 | http://linux.oracle.com/cve/CVE-2017-0903.html |
CVE | CVE-2017-14033 | http://linux.oracle.com/cve/CVE-2017-14033.html |
CVE | CVE-2017-14064 | http://linux.oracle.com/cve/CVE-2017-14064.html |
CVE | CVE-2017-17405 | http://linux.oracle.com/cve/CVE-2017-17405.html |
CVE | CVE-2017-17790 | http://linux.oracle.com/cve/CVE-2017-17790.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/rubygems?distro=oraclelinux-7.4 | oraclelinux | rubygems | < 2.0.14.1-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygems-devel?distro=oraclelinux-7.4 | oraclelinux | rubygems-devel | < 2.0.14.1-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rdoc?distro=oraclelinux-7.4 | oraclelinux | rubygem-rdoc | < 4.0.0-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rake?distro=oraclelinux-7.4 | oraclelinux | rubygem-rake | < 0.9.6-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-psych?distro=oraclelinux-7.4 | oraclelinux | rubygem-psych | < 2.0.0-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-minitest?distro=oraclelinux-7.4 | oraclelinux | rubygem-minitest | < 4.3.2-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-json?distro=oraclelinux-7.4 | oraclelinux | rubygem-json | < 1.7.7-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-io-console?distro=oraclelinux-7.4 | oraclelinux | rubygem-io-console | < 0.4.2-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/rubygem-bigdecimal?distro=oraclelinux-7.4 | oraclelinux | rubygem-bigdecimal | < 1.2.0-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/ruby?distro=oraclelinux-7.4 | oraclelinux | ruby | < 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-tcltk?distro=oraclelinux-7.4 | oraclelinux | ruby-tcltk | < 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-libs?distro=oraclelinux-7.4 | oraclelinux | ruby-libs | < 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-irb?distro=oraclelinux-7.4 | oraclelinux | ruby-irb | < 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-doc?distro=oraclelinux-7.4 | oraclelinux | ruby-doc | < 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||
Affected | pkg:rpm/oraclelinux/ruby-devel?distro=oraclelinux-7.4 | oraclelinux | ruby-devel | < 2.0.0.648-33.el7_4 | oraclelinux-7.4 | ||