[RHSA-2021:3020] ruby:2.7 security update
Severity
Important
Affected Packages
72
CVEs
4
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)
rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- RHSA-2021:3020
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2021:3020
- Published
-
2021-08-05T00:00:00
(3 years ago) - Modified
-
2021-08-05T00:00:00
(3 years ago) - Rights
- Copyright 2021 Red Hat, Inc.
- Other Advisories
-
- ALAS-2021-1505
- ALAS-2021-1506
- ALAS2-2021-1641
- ALAS2-2024-2534
- ALAS2-2024-2570
- ALPINE:CVE-2021-31799
- ALPINE:CVE-2021-31810
- ALPINE:CVE-2021-32066
- ALSA-2021:3020
- ALSA-2022:0543
- ALSA-2022:0545
- ALSA-2022:0672
- ASA-202106-14
- ASA-202107-18
- ASA-202107-23
- ASA-202107-24
- DSA-5066-1
- ELSA-2021-3020
- ELSA-2022-0543
- ELSA-2022-0545
- ELSA-2022-0672
- FEDORA-2021-36cdab1f8d
- FREEBSD:57027417-AB7F-11EB-9596-080027F515EA
- FREEBSD:7ED5779C-E4C7-11EB-91D7-08002728F74C
- GLSA-202401-05
- GLSA-202401-27
- GLSA-202408-22
- openSUSE-SU-2021:1535-1
- openSUSE-SU-2021:3838-1
- RHSA-2022:0543
- RHSA-2022:0545
- RHSA-2022:0672
- RLSA-2021:3020
- RLSA-2022:0543
- RLSA-2022:0545
- RLSA-2022:0672
- RUBYSEC:BUNDLER-2020-36327
- RUBYSEC:RDOC-2021-31799
- SUSE-SU-2021:3837-1
- SUSE-SU-2021:3838-1
- SUSE-SU-2022:1512-1
- USN-5020-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1958999 | https://bugzilla.redhat.com/1958999 | |
Bugzilla | 1980126 | https://bugzilla.redhat.com/1980126 | |
Bugzilla | 1980128 | https://bugzilla.redhat.com/1980128 | |
Bugzilla | 1980132 | https://bugzilla.redhat.com/1980132 | |
RHSA | RHSA-2021:3020 | https://access.redhat.com/errata/RHSA-2021:3020 | |
CVE | CVE-2020-36327 | https://access.redhat.com/security/cve/CVE-2020-36327 | |
CVE | CVE-2021-31799 | https://access.redhat.com/security/cve/CVE-2021-31799 | |
CVE | CVE-2021-31810 | https://access.redhat.com/security/cve/CVE-2021-31810 | |
CVE | CVE-2021-32066 | https://access.redhat.com/security/cve/CVE-2021-32066 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/rubygems?distro=redhat-8.4 | redhat | rubygems | < 3.1.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygems-devel?distro=redhat-8.4 | redhat | rubygems-devel | < 3.1.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-xmlrpc?distro=redhat-8.4 | redhat | rubygem-xmlrpc | < 0.3.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-test-unit?distro=redhat-8.4 | redhat | rubygem-test-unit | < 3.3.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-rdoc?distro=redhat-8.4 | redhat | rubygem-rdoc | < 6.2.1.1-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-rake?distro=redhat-8.4 | redhat | rubygem-rake | < 13.0.1-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-psych?arch=x86_64&distro=redhat-8.4 | redhat | rubygem-psych | < 3.1.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=s390x&distro=redhat-8.4 | redhat | rubygem-psych | < 3.1.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=ppc64le&distro=redhat-8.4 | redhat | rubygem-psych | < 3.1.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=i686&distro=redhat-8.4 | redhat | rubygem-psych | < 3.1.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/rubygem-psych?arch=aarch64&distro=redhat-8.4 | redhat | rubygem-psych | < 3.1.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-power_assert?distro=redhat-8.4 | redhat | rubygem-power_assert | < 1.1.7-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-pg?arch=x86_64&distro=redhat-8.3 | redhat | rubygem-pg | < 1.2.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-pg?arch=s390x&distro=redhat-8.3 | redhat | rubygem-pg | < 1.2.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/rubygem-pg?arch=ppc64le&distro=redhat-8.3 | redhat | rubygem-pg | < 1.2.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-pg?arch=aarch64&distro=redhat-8.3 | redhat | rubygem-pg | < 1.2.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-pg-doc?distro=redhat-8.3 | redhat | rubygem-pg-doc | < 1.2.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/rubygem-openssl?arch=x86_64&distro=redhat-8.4 | redhat | rubygem-openssl | < 2.1.2-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-openssl?arch=s390x&distro=redhat-8.4 | redhat | rubygem-openssl | < 2.1.2-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/rubygem-openssl?arch=ppc64le&distro=redhat-8.4 | redhat | rubygem-openssl | < 2.1.2-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-openssl?arch=i686&distro=redhat-8.4 | redhat | rubygem-openssl | < 2.1.2-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/rubygem-openssl?arch=aarch64&distro=redhat-8.4 | redhat | rubygem-openssl | < 2.1.2-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-net-telnet?distro=redhat-8.4 | redhat | rubygem-net-telnet | < 0.2.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-mysql2?arch=x86_64&distro=redhat-8.3 | redhat | rubygem-mysql2 | < 0.5.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-mysql2?arch=s390x&distro=redhat-8.3 | redhat | rubygem-mysql2 | < 0.5.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/rubygem-mysql2?arch=ppc64le&distro=redhat-8.3 | redhat | rubygem-mysql2 | < 0.5.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-mysql2?arch=aarch64&distro=redhat-8.3 | redhat | rubygem-mysql2 | < 0.5.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-mysql2-doc?distro=redhat-8.3 | redhat | rubygem-mysql2-doc | < 0.5.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/rubygem-mongo?distro=redhat-8.3 | redhat | rubygem-mongo | < 2.11.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/rubygem-mongo-doc?distro=redhat-8.3 | redhat | rubygem-mongo-doc | < 2.11.3-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/rubygem-minitest?distro=redhat-8.4 | redhat | rubygem-minitest | < 5.13.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-json?arch=x86_64&distro=redhat-8.4 | redhat | rubygem-json | < 2.3.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-json?arch=s390x&distro=redhat-8.4 | redhat | rubygem-json | < 2.3.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/rubygem-json?arch=ppc64le&distro=redhat-8.4 | redhat | rubygem-json | < 2.3.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-json?arch=i686&distro=redhat-8.4 | redhat | rubygem-json | < 2.3.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/rubygem-json?arch=aarch64&distro=redhat-8.4 | redhat | rubygem-json | < 2.3.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-irb?distro=redhat-8.4 | redhat | rubygem-irb | < 1.2.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-io-console?arch=x86_64&distro=redhat-8.4 | redhat | rubygem-io-console | < 0.5.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=s390x&distro=redhat-8.4 | redhat | rubygem-io-console | < 0.5.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=ppc64le&distro=redhat-8.4 | redhat | rubygem-io-console | < 0.5.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=i686&distro=redhat-8.4 | redhat | rubygem-io-console | < 0.5.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/rubygem-io-console?arch=aarch64&distro=redhat-8.4 | redhat | rubygem-io-console | < 0.5.6-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-bundler?distro=redhat-8.4 | redhat | rubygem-bundler | < 2.2.24-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/rubygem-bson?arch=x86_64&distro=redhat-8.3 | redhat | rubygem-bson | < 4.8.1-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-bson?arch=s390x&distro=redhat-8.3 | redhat | rubygem-bson | < 4.8.1-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/rubygem-bson?arch=ppc64le&distro=redhat-8.3 | redhat | rubygem-bson | < 4.8.1-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-bson?arch=aarch64&distro=redhat-8.3 | redhat | rubygem-bson | < 4.8.1-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-bson-doc?distro=redhat-8.3 | redhat | rubygem-bson-doc | < 4.8.1-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=x86_64&distro=redhat-8.4 | redhat | rubygem-bigdecimal | < 2.0.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=s390x&distro=redhat-8.4 | redhat | rubygem-bigdecimal | < 2.0.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=ppc64le&distro=redhat-8.4 | redhat | rubygem-bigdecimal | < 2.0.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=i686&distro=redhat-8.4 | redhat | rubygem-bigdecimal | < 2.0.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/rubygem-bigdecimal?arch=aarch64&distro=redhat-8.4 | redhat | rubygem-bigdecimal | < 2.0.0-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/rubygem-abrt?distro=redhat-8.3 | redhat | rubygem-abrt | < 0.4.0-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/rubygem-abrt-doc?distro=redhat-8.3 | redhat | rubygem-abrt-doc | < 0.4.0-1.module+el8.3.0+7192+4e3a532a | redhat-8.3 | ||
Affected | pkg:rpm/redhat/ruby?arch=x86_64&distro=redhat-8.4 | redhat | ruby | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/ruby?arch=s390x&distro=redhat-8.4 | redhat | ruby | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/ruby?arch=ppc64le&distro=redhat-8.4 | redhat | ruby | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/ruby?arch=i686&distro=redhat-8.4 | redhat | ruby | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/ruby?arch=aarch64&distro=redhat-8.4 | redhat | ruby | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=x86_64&distro=redhat-8.4 | redhat | ruby-libs | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=s390x&distro=redhat-8.4 | redhat | ruby-libs | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/ruby-libs?arch=ppc64le&distro=redhat-8.4 | redhat | ruby-libs | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/ruby-libs?arch=i686&distro=redhat-8.4 | redhat | ruby-libs | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=aarch64&distro=redhat-8.4 | redhat | ruby-libs | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/ruby-doc?distro=redhat-8.4 | redhat | ruby-doc | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ||
Affected | pkg:rpm/redhat/ruby-devel?arch=x86_64&distro=redhat-8.4 | redhat | ruby-devel | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=s390x&distro=redhat-8.4 | redhat | ruby-devel | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/ruby-devel?arch=ppc64le&distro=redhat-8.4 | redhat | ruby-devel | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/ruby-devel?arch=i686&distro=redhat-8.4 | redhat | ruby-devel | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | i686 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=aarch64&distro=redhat-8.4 | redhat | ruby-devel | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/ruby-default-gems?distro=redhat-8.4 | redhat | ruby-default-gems | < 2.7.4-137.module+el8.4.0+12025+f744ca41 | redhat-8.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |