[ELSA-2019-2028] ruby security update
Severity
Moderate
Affected Packages
15
CVEs
14
[2.0.0.648-36]
- Introduce 'Gem::UserInteraction#verbose' method as precondition to fix
CVE-2019-8321.
* rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
Resolves: CVE-2019-8325
* ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
- ID
- ELSA-2019-2028
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2019-2028.html
- Published
-
2019-08-13T00:00:00
(5 years ago) - Modified
-
2019-08-13T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
-
ALAS-2018-1113
-
ALAS-2018-983
-
ALAS-2020-1416
-
ALAS2-2018-983
-
ALAS2-2019-1276
-
ALPINE:CVE-2017-17742
-
ALPINE:CVE-2018-16396
-
ALPINE:CVE-2018-6914
-
ALPINE:CVE-2018-8777
-
ALPINE:CVE-2018-8778
-
ALPINE:CVE-2018-8779
-
ALPINE:CVE-2018-8780
-
DSA-4219-1
-
DSA-4259-1
-
DSA-4332-1
-
FEDORA-2018-190ecd2ef8
-
FEDORA-2018-1fffa787e7
-
FEDORA-2018-319b9d0f68
-
FEDORA-2018-40ed78700c
-
FEDORA-2018-6070bcf454
-
FEDORA-2018-7be77249d4
-
FEDORA-2018-a459acd54b
-
FEDORA-2018-dd8162c004
-
FREEBSD:AFC60484-0652-440E-B01A-5EF814747F06
-
FREEBSD:EB69BCF2-18EF-4AA2-BB0C-83B263364089
-
MAVEN:GHSA-74PV-V9GH-H25P
-
MAVEN:GHSA-87QX-G5WG-MWMJ
-
MAVEN:GHSA-8QXG-MFF5-J3WC
-
MAVEN:GHSA-GV86-43RV-79M2
-
MAVEN:GHSA-GX69-6CP4-HXRJ
-
MAVEN:GHSA-MC6J-H948-V2P6
-
MAVEN:GHSA-QJ2W-MW2R-PV39
-
openSUSE-SU-2019:1771-1
-
RHSA-2019:2028
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000073
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000074
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000075
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000076
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000077
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000078
-
RUBYSEC:RUBYGEMS-UPDATE-2018-1000079
-
RUBYSEC:TMPDIR-2021-28966
-
SSA:2018-088-01
-
SUSE-SU-2019:1804-1
-
SUSE-SU-2020:1570-1
-
USN-3621-1
-
USN-3621-2
-
USN-3626-1
-
USN-3685-1
-
USN-3808-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rubygems?distro=oraclelinux-7 | oraclelinux |
 rubygems
|
< 2.0.14.1-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygems-devel?distro=oraclelinux-7 | oraclelinux |
rubygems-devel
|
< 2.0.14.1-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-rdoc?distro=oraclelinux-7 | oraclelinux |
rubygem-rdoc
|
< 4.0.0-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-rake?distro=oraclelinux-7 | oraclelinux |
rubygem-rake
|
< 0.9.6-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-psych?distro=oraclelinux-7 | oraclelinux |
rubygem-psych
|
< 2.0.0-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-minitest?distro=oraclelinux-7 | oraclelinux |
rubygem-minitest
|
< 4.3.2-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-json?distro=oraclelinux-7 | oraclelinux |
rubygem-json
|
< 1.7.7-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-io-console?distro=oraclelinux-7 | oraclelinux |
rubygem-io-console
|
< 0.4.2-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bigdecimal?distro=oraclelinux-7 | oraclelinux |
rubygem-bigdecimal
|
< 1.2.0-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/ruby?distro=oraclelinux-7 | oraclelinux |
ruby
|
< 2.0.0.648-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/ruby-tcltk?distro=oraclelinux-7 | oraclelinux |
ruby-tcltk
|
< 2.0.0.648-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/ruby-libs?distro=oraclelinux-7 | oraclelinux |
ruby-libs
|
< 2.0.0.648-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/ruby-irb?distro=oraclelinux-7 | oraclelinux |
ruby-irb
|
< 2.0.0.648-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/ruby-doc?distro=oraclelinux-7 | oraclelinux |
ruby-doc
|
< 2.0.0.648-36.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/ruby-devel?distro=oraclelinux-7 | oraclelinux |
ruby-devel
|
< 2.0.0.648-36.el7 | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |