[ELSA-2019-2028] ruby security update
Severity: Moderate
Affected Packages: 15
CVEs: 14
[2.0.0.648-36]
- Introduce 'Gem::UserInteraction#verbose' method as precondition to fix CVE-2019-8321.
  * rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
  Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
  Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
  Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
  Resolves: CVE-2019-8325
  * ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
- ID: ELSA-2019-2028
- Severity: moderate
- URL: https://linux.oracle.com/errata/ELSA-2019-2028.html
- Published: 2019-08-13T00:00:00
- Modified: 2019-08-13T00:00:00
- Rights: Copyright 2019 Oracle, Inc.

Other Advisories:
- ALAS-2018-1113
- ALAS-2018-983
- ALAS-2020-1416
- ALAS2-2018-983
- ALAS2-2019-1276
- ALPINE:CVE-2017-17742
- ALPINE:CVE-2018-16396
- ALPINE:CVE-2018-6914
- ALPINE:CVE-2018-8777
- ALPINE:CVE-2018-8778
- ALPINE:CVE-2018-8779
- ALPINE:CVE-2018-8780
- DSA-4219-1
- DSA-4259-1
- DSA-4332-1
- FEDORA-2018-190ecd2ef8
- FEDORA-2018-1fffa787e7
- FEDORA-2018-319b9d0f68
- FEDORA-2018-40ed78700c
- FEDORA-2018-6070bcf454
- FEDORA-2018-7be77249d4
- FEDORA-2018-a459acd54b
- FEDORA-2018-dd8162c004
- FREEBSD:AFC60484-0652-440E-B01A-5EF814747F06
- FREEBSD:EB69BCF2-18EF-4AA2-BB0C-83B263364089
- MAVEN:GHSA-74PV-V9GH-H25P
- MAVEN:GHSA-87QX-G5WG-MWMJ
- MAVEN:GHSA-8QXG-MFF5-J3WC
- MAVEN:GHSA-GV86-43RV-79M2
- MAVEN:GHSA-GX69-6CP4-HXRJ
- MAVEN:GHSA-MC6J-H948-V2P6
- MAVEN:GHSA-QJ2W-MW2R-PV39
- openSUSE-SU-2019:1771-1
- RHSA-2019:2028
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000073
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000074
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000075
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000076
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000077
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000078
- RUBYSEC:RUBYGEMS-UPDATE-2018-1000079
- RUBYSEC:TMPDIR-2021-28966
- SSA:2018-088-01
- SUSE-SU-2019:1804-1
- SUSE-SU-2020:1570-1
- USN-3621-1
- USN-3621-2
- USN-3626-1
- USN-3685-1
- USN-3808-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/rubygems?distro=oraclelinux-7 | oraclelinux | rubygems | < 2.0.14.1-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygems-devel?distro=oraclelinux-7 | oraclelinux | rubygems-devel | < 2.0.14.1-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rdoc?distro=oraclelinux-7 | oraclelinux | rubygem-rdoc | < 4.0.0-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-rake?distro=oraclelinux-7 | oraclelinux | rubygem-rake | < 0.9.6-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-psych?distro=oraclelinux-7 | oraclelinux | rubygem-psych | < 2.0.0-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-minitest?distro=oraclelinux-7 | oraclelinux | rubygem-minitest | < 4.3.2-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-json?distro=oraclelinux-7 | oraclelinux | rubygem-json | < 1.7.7-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-io-console?distro=oraclelinux-7 | oraclelinux | rubygem-io-console | < 0.4.2-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/rubygem-bigdecimal?distro=oraclelinux-7 | oraclelinux | rubygem-bigdecimal | < 1.2.0-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/ruby?distro=oraclelinux-7 | oraclelinux | ruby | < 2.0.0.648-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/ruby-tcltk?distro=oraclelinux-7 | oraclelinux | ruby-tcltk | < 2.0.0.648-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/ruby-libs?distro=oraclelinux-7 | oraclelinux | ruby-libs | < 2.0.0.648-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/ruby-irb?distro=oraclelinux-7 | oraclelinux | ruby-irb | < 2.0.0.648-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/ruby-doc?distro=oraclelinux-7 | oraclelinux | ruby-doc | < 2.0.0.648-36.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/ruby-devel?distro=oraclelinux-7 | oraclelinux | ruby-devel | < 2.0.0.648-36.el7 | oraclelinux-7 | ||