[ELSA-2022-5779] ruby:2.5 security update
Severity
Moderate
Affected Packages
32
CVEs
2
ruby
[2.5.9-110]
- Fix FTBFS due to an incompatible load directive.
- Fix a fiddle import test on an optimized glibc on Power 9.
- Fix by adding length limit option for methods that parses date strings.
Resolves: CVE-2021-41817
- CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security
prefixes in cookie names.
Resolves: CVE-2021-41819
- ID
- ELSA-2022-5779
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2022-5779.html
- Published
-
2022-08-03T00:00:00
(2 years ago) - Modified
-
2022-08-03T00:00:00
(2 years ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
-
ALAS2-2023-2345
-
ALAS2-2024-2486
-
ALPINE:CVE-2021-41817
-
ALPINE:CVE-2021-41819
-
ALSA-2022:0543
-
ALSA-2022:5779
-
ALSA-2022:6447
-
ALSA-2022:6450
-
DSA-5066-1
-
DSA-5067-1
-
ELSA-2022-0543
-
ELSA-2022-6447
-
ELSA-2022-6450
-
FEDORA-2022-82a9edac27
-
FEDORA-2022-8cf0124add
-
FREEBSD:4548EC97-4D38-11EC-A539-0800270512F4
-
FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4
-
GLSA-202401-27
-
MS:CVE-2021-41817
-
MS:CVE-2021-41819
-
RHSA-2022:0543
-
RHSA-2022:5779
-
RHSA-2022:6447
-
RHSA-2022:6450
-
RLSA-2022:0543
-
RLSA-2022:5779
-
RLSA-2022:6447
-
RLSA-2022:6450
-
RUBYSEC:CGI-2021-41819
-
RUBYSEC:DATE-2021-41817
-
SUSE-SU-2022:1512-1
-
SUSE-SU-2022:3292-1
-
SUSE-SU-2023:4176-1
-
USN-5235-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2022-5779 |
|
|
| CVE | CVE-2021-41817 |
|
|
| CVE | CVE-2021-41819 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rubygems?distro=oraclelinux-8.6 | oraclelinux |
 rubygems
|
< 2.7.6.3-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygems-devel?distro=oraclelinux-8.6 | oraclelinux |
rubygems-devel
|
< 2.7.6.3-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-xmlrpc?distro=oraclelinux-8.6 | oraclelinux |
rubygem-xmlrpc
|
< 0.3.0-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-test-unit?distro=oraclelinux-8.6 | oraclelinux |
rubygem-test-unit
|
< 3.2.7-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-rdoc?distro=oraclelinux-8.6 | oraclelinux |
rubygem-rdoc
|
< 6.0.1.1-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-rake?distro=oraclelinux-8.6 | oraclelinux |
rubygem-rake
|
< 12.3.3-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-psych?distro=oraclelinux-8.6 | oraclelinux |
rubygem-psych
|
< 3.0.2-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-power_assert?distro=oraclelinux-8.6 | oraclelinux |
rubygem-power_assert
|
< 1.1.1-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-pg?distro=oraclelinux-8.3 | oraclelinux |
rubygem-pg
|
< 1.0.0-2.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-pg-doc?distro=oraclelinux-8.3 | oraclelinux |
rubygem-pg-doc
|
< 1.0.0-2.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-openssl?distro=oraclelinux-8.6 | oraclelinux |
rubygem-openssl
|
< 2.1.2-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-net-telnet?distro=oraclelinux-8.6 | oraclelinux |
rubygem-net-telnet
|
< 0.1.1-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-mysql2?distro=oraclelinux-8.3 | oraclelinux |
rubygem-mysql2
|
< 0.4.10-4.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-mysql2-doc?distro=oraclelinux-8.3 | oraclelinux |
rubygem-mysql2-doc
|
< 0.4.10-4.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-mongo?distro=oraclelinux-8.3 | oraclelinux |
rubygem-mongo
|
< 2.5.1-2.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-mongo-doc?distro=oraclelinux-8.3 | oraclelinux |
rubygem-mongo-doc
|
< 2.5.1-2.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-minitest?distro=oraclelinux-8.6 | oraclelinux |
rubygem-minitest
|
< 5.10.3-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-json?distro=oraclelinux-8.6 | oraclelinux |
rubygem-json
|
< 2.1.0-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-io-console?distro=oraclelinux-8.6 | oraclelinux |
rubygem-io-console
|
< 0.4.6-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-did_you_mean?distro=oraclelinux-8.6 | oraclelinux |
rubygem-did_you_mean
|
< 1.2.0-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bundler?distro=oraclelinux-8.6 | oraclelinux |
rubygem-bundler
|
< 1.16.1-4.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bundler-doc?distro=oraclelinux-8.6 | oraclelinux |
rubygem-bundler-doc
|
< 1.16.1-4.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bson?distro=oraclelinux-8.3 | oraclelinux |
rubygem-bson
|
< 4.3.0-2.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bson-doc?distro=oraclelinux-8.3 | oraclelinux |
rubygem-bson-doc
|
< 4.3.0-2.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-bigdecimal?distro=oraclelinux-8.6 | oraclelinux |
rubygem-bigdecimal
|
< 1.3.4-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-abrt?distro=oraclelinux-8.3 | oraclelinux |
rubygem-abrt
|
< 0.3.0-4.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/rubygem-abrt-doc?distro=oraclelinux-8.3 | oraclelinux |
rubygem-abrt-doc
|
< 0.3.0-4.module+el8.3.0+7756+e45777e9 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/ruby?distro=oraclelinux-8.6 | oraclelinux |
ruby
|
< 2.5.9-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/ruby-libs?distro=oraclelinux-8.6 | oraclelinux |
ruby-libs
|
< 2.5.9-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/ruby-irb?distro=oraclelinux-8.6 | oraclelinux |
ruby-irb
|
< 2.5.9-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/ruby-doc?distro=oraclelinux-8.6 | oraclelinux |
ruby-doc
|
< 2.5.9-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 | ||
| Affected | pkg:rpm/oraclelinux/ruby-devel?distro=oraclelinux-8.6 | oraclelinux |
ruby-devel
|
< 2.5.9-110.module+el8.6.0+20712+84e27c2d | oraclelinux-8.6 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |