[RLSA-2021:2584] ruby:2.7 security, bug fix, and enhancement update

Severity Moderate

Affected Packages 13

CVEs 2

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999)

Security Fix(es):

ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Resolv::DNS: ruby:2.7/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero Rocky Linux-8

Package	Affected Version
pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5	< 1.2.3-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5	< 1.2.3-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5	< 1.2.3-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5	< 0.5.3-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5	< 0.5.3-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5	< 0.5.3-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4	< 2.11.3-1.module+el8.4.0+594+11b6673a
pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4	< 2.11.3-1.module+el8.4.0+594+11b6673a
pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4	< 4.8.1-1.module+el8.4.0+594+11b6673a
pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4	< 4.8.1-1.module+el8.4.0+594+11b6673a
pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4	< 4.8.1-1.module+el8.4.0+594+11b6673a
pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5	< 0.4.0-1.module+el8.5.0+668+665814fa
pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5	< 0.4.0-1.module+el8.5.0+668+665814fa

ID

RLSA-2021:2584

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2021:2584

Published

2021-06-29T13:57:50
(3 years ago)

Modified

2023-02-02T13:25:09
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2020-25613	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613
CVE	CVE-2021-28965	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
Bugzilla	1883623	https://bugzilla.redhat.com/show_bug.cgi?id=1883623
Bugzilla	1947526	https://bugzilla.redhat.com/show_bug.cgi?id=1947526
Bugzilla	1951999	https://bugzilla.redhat.com/show_bug.cgi?id=1951999
Bugzilla	1952000	https://bugzilla.redhat.com/show_bug.cgi?id=1952000
Self	RLSA-2021:2584	https://errata.rockylinux.org/RLSA-2021:2584

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5	rockylinux	rubygem-pg	< 1.2.3-1.module+el8.5.0+668+665814fa	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5	rockylinux	rubygem-pg	< 1.2.3-1.module+el8.5.0+668+665814fa	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-pg-doc	< 1.2.3-1.module+el8.5.0+668+665814fa	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5	rockylinux	rubygem-mysql2	< 0.5.3-1.module+el8.5.0+668+665814fa	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5	rockylinux	rubygem-mysql2	< 0.5.3-1.module+el8.5.0+668+665814fa	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-mysql2-doc	< 0.5.3-1.module+el8.5.0+668+665814fa	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mongo	< 2.11.3-1.module+el8.4.0+594+11b6673a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mongo-doc	< 2.11.3-1.module+el8.4.0+594+11b6673a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4	rockylinux	rubygem-bson	< 4.8.1-1.module+el8.4.0+594+11b6673a	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4	rockylinux	rubygem-bson	< 4.8.1-1.module+el8.4.0+594+11b6673a	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-bson-doc	< 4.8.1-1.module+el8.4.0+594+11b6673a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-abrt	< 0.4.0-1.module+el8.5.0+668+665814fa	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-abrt-doc	< 0.4.0-1.module+el8.5.0+668+665814fa	rockylinux-8.5	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date