[RHSA-2019:1235] ruby security update
Severity
Important
Affected Packages
50
CVEs
5
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)
rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)
rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)
rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- RHSA-2019:1235
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:1235
- Published
-
2019-05-15T00:00:00
(5 years ago) - Modified
-
2019-05-15T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
- ALAS-2019-1255
- ALAS2-2019-1249
- ALBA-2019:3384
- ALPINE:CVE-2019-8321
- ALPINE:CVE-2019-8322
- ALPINE:CVE-2019-8323
- ALPINE:CVE-2019-8324
- ALPINE:CVE-2019-8325
- ALSA-2019:1972
- DSA-4433-1
- ELSA-2019-1235
- ELSA-2019-1972
- FEDORA-2019-a155364f3c
- FEDORA-2019-feac6674b7
- FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F
- openSUSE-SU-2019:1771-1
- RHBA-2019:3384
- RHSA-2019:1972
- RLBA-2019:3384
- RLSA-2019:1972
- RUBYSEC:RUBYGEMS-UPDATE-2019-8321
- RUBYSEC:RUBYGEMS-UPDATE-2019-8322
- RUBYSEC:RUBYGEMS-UPDATE-2019-8323
- RUBYSEC:RUBYGEMS-UPDATE-2019-8324
- RUBYSEC:RUBYGEMS-UPDATE-2019-8325
- SUSE-SU-2019:1804-1
- SUSE-SU-2020:1570-1
- USN-3945-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1692514 | https://bugzilla.redhat.com/1692514 | |
Bugzilla | 1692516 | https://bugzilla.redhat.com/1692516 | |
Bugzilla | 1692519 | https://bugzilla.redhat.com/1692519 | |
Bugzilla | 1692520 | https://bugzilla.redhat.com/1692520 | |
Bugzilla | 1692522 | https://bugzilla.redhat.com/1692522 | |
RHSA | RHSA-2019:1235 | https://access.redhat.com/errata/RHSA-2019:1235 | |
CVE | CVE-2019-8321 | https://access.redhat.com/security/cve/CVE-2019-8321 | |
CVE | CVE-2019-8322 | https://access.redhat.com/security/cve/CVE-2019-8322 | |
CVE | CVE-2019-8323 | https://access.redhat.com/security/cve/CVE-2019-8323 | |
CVE | CVE-2019-8324 | https://access.redhat.com/security/cve/CVE-2019-8324 | |
CVE | CVE-2019-8325 | https://access.redhat.com/security/cve/CVE-2019-8325 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/rubygems?distro=redhat-7.6 | redhat | rubygems | < 2.0.14.1-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/rubygems-devel?distro=redhat-7.6 | redhat | rubygems-devel | < 2.0.14.1-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/rubygem-rdoc?distro=redhat-7.6 | redhat | rubygem-rdoc | < 4.0.0-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/rubygem-rake?distro=redhat-7.6 | redhat | rubygem-rake | < 0.9.6-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/rubygem-psych?arch=x86_64&distro=redhat-7.6 | redhat | rubygem-psych | < 2.0.0-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=s390x&distro=redhat-7.6 | redhat | rubygem-psych | < 2.0.0-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=ppc64le&distro=redhat-7.6 | redhat | rubygem-psych | < 2.0.0-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=ppc64&distro=redhat-7.6 | redhat | rubygem-psych | < 2.0.0-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=aarch64&distro=redhat-7.6 | redhat | rubygem-psych | < 2.0.0-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-minitest?distro=redhat-7.6 | redhat | rubygem-minitest | < 4.3.2-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/rubygem-json?arch=x86_64&distro=redhat-7.6 | redhat | rubygem-json | < 1.7.7-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-json?arch=s390x&distro=redhat-7.6 | redhat | rubygem-json | < 1.7.7-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/rubygem-json?arch=ppc64le&distro=redhat-7.6 | redhat | rubygem-json | < 1.7.7-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-json?arch=ppc64&distro=redhat-7.6 | redhat | rubygem-json | < 1.7.7-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/rubygem-json?arch=aarch64&distro=redhat-7.6 | redhat | rubygem-json | < 1.7.7-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=x86_64&distro=redhat-7.6 | redhat | rubygem-io-console | < 0.4.2-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=s390x&distro=redhat-7.6 | redhat | rubygem-io-console | < 0.4.2-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=ppc64le&distro=redhat-7.6 | redhat | rubygem-io-console | < 0.4.2-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=ppc64&distro=redhat-7.6 | redhat | rubygem-io-console | < 0.4.2-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=aarch64&distro=redhat-7.6 | redhat | rubygem-io-console | < 0.4.2-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=x86_64&distro=redhat-7.6 | redhat | rubygem-bigdecimal | < 1.2.0-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=s390x&distro=redhat-7.6 | redhat | rubygem-bigdecimal | < 1.2.0-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=ppc64le&distro=redhat-7.6 | redhat | rubygem-bigdecimal | < 1.2.0-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=ppc64&distro=redhat-7.6 | redhat | rubygem-bigdecimal | < 1.2.0-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=aarch64&distro=redhat-7.6 | redhat | rubygem-bigdecimal | < 1.2.0-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/ruby?arch=x86_64&distro=redhat-7.6 | redhat | ruby | < 2.0.0.648-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/ruby?arch=s390x&distro=redhat-7.6 | redhat | ruby | < 2.0.0.648-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/ruby?arch=ppc64le&distro=redhat-7.6 | redhat | ruby | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/ruby?arch=ppc64&distro=redhat-7.6 | redhat | ruby | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/ruby?arch=aarch64&distro=redhat-7.6 | redhat | ruby | < 2.0.0.648-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=x86_64&distro=redhat-7.6 | redhat | ruby-tcltk | < 2.0.0.648-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=s390x&distro=redhat-7.6 | redhat | ruby-tcltk | < 2.0.0.648-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=ppc64le&distro=redhat-7.6 | redhat | ruby-tcltk | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=ppc64&distro=redhat-7.6 | redhat | ruby-tcltk | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=aarch64&distro=redhat-7.6 | redhat | ruby-tcltk | < 2.0.0.648-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=x86_64&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=s390x&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/ruby-libs?arch=s390&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | s390 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=ppc64le&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/ruby-libs?arch=ppc64&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=ppc&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc | |
Affected | pkg:rpm/redhat/ruby-libs?arch=i686&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | i686 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=aarch64&distro=redhat-7.6 | redhat | ruby-libs | < 2.0.0.648-35.el7_6 | redhat-7.6 | aarch64 | |
Affected | pkg:rpm/redhat/ruby-irb?distro=redhat-7.6 | redhat | ruby-irb | < 2.0.0.648-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/ruby-doc?distro=redhat-7.6 | redhat | ruby-doc | < 2.0.0.648-35.el7_6 | redhat-7.6 | ||
Affected | pkg:rpm/redhat/ruby-devel?arch=x86_64&distro=redhat-7.6 | redhat | ruby-devel | < 2.0.0.648-35.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=s390x&distro=redhat-7.6 | redhat | ruby-devel | < 2.0.0.648-35.el7_6 | redhat-7.6 | s390x | |
Affected | pkg:rpm/redhat/ruby-devel?arch=ppc64le&distro=redhat-7.6 | redhat | ruby-devel | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/ruby-devel?arch=ppc64&distro=redhat-7.6 | redhat | ruby-devel | < 2.0.0.648-35.el7_6 | redhat-7.6 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=aarch64&distro=redhat-7.6 | redhat | ruby-devel | < 2.0.0.648-35.el7_6 | redhat-7.6 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |