[RLSA-2021:2584] ruby:2.7 security, bug fix, and enhancement update
An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999)
Security Fix(es):
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Resolv::DNS: ruby:2.7/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero Rocky Linux-8
- ID
- RLSA-2021:2584
- Severity
- moderate
- URL
- https://errata.rockylinux.org/RLSA-2021:2584
- Published
-
2021-06-29T13:57:50
(3 years ago) - Modified
-
2023-02-02T13:25:09
(19 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALAS-2020-1451
- ALAS-2021-1468
- ALAS-2021-1501
- ALAS2-2021-1641
- ALPINE:CVE-2020-25613
- ALPINE:CVE-2021-28965
- ALSA-2021:2584
- ALSA-2021:2587
- ALSA-2021:2588
- ASA-202104-1
- DSA-5066-1
- ELSA-2021-2584
- ELSA-2021-2587
- ELSA-2021-2588
- FEDORA-2020-02ca18c2a0
- FEDORA-2020-fe2a7d7390
- FEDORA-2021-0ea39d8eb3
- FEDORA-2021-6385a09efc
- FEDORA-2021-7b8b65bc7a
- FREEBSD:DEC7E4B6-961A-11EB-9C34-080027F515EA
- FREEBSD:FB6E53AE-9DF6-11EB-BA8C-001B217B3468
- GLSA-202401-27
- MS:CVE-2020-25613
- MS:CVE-2021-28965
- openSUSE-SU-2021:0471-1
- openSUSE-SU-2021:0607-1
- RHSA-2021:2584
- RHSA-2021:2587
- RHSA-2021:2588
- RLSA-2021:2587
- RLSA-2021:2588
- RUBYSEC:REXML-2021-28965
- RUBYSEC:WEBRICK-2020-25613
- SUSE-SU-2021:0933-1
- SUSE-SU-2021:1280-1
- SUSE-SU-2021:3837-1
- USN-4882-1
- USN-4922-1
- USN-4922-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2020-25613 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613 | |
CVE | CVE-2021-28965 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965 | |
Bugzilla | 1883623 | https://bugzilla.redhat.com/show_bug.cgi?id=1883623 | |
Bugzilla | 1947526 | https://bugzilla.redhat.com/show_bug.cgi?id=1947526 | |
Bugzilla | 1951999 | https://bugzilla.redhat.com/show_bug.cgi?id=1951999 | |
Bugzilla | 1952000 | https://bugzilla.redhat.com/show_bug.cgi?id=1952000 | |
Self | RLSA-2021:2584 | https://errata.rockylinux.org/RLSA-2021:2584 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-pg | < 1.2.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-pg | < 1.2.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-pg-doc | < 1.2.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.5.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.5.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2-doc | < 0.5.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-mongo | < 2.11.3-1.module+el8.4.0+594+11b6673a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-mongo-doc | < 2.11.3-1.module+el8.4.0+594+11b6673a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4 | rockylinux | rubygem-bson | < 4.8.1-1.module+el8.4.0+594+11b6673a | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4 | rockylinux | rubygem-bson | < 4.8.1-1.module+el8.4.0+594+11b6673a | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-bson-doc | < 4.8.1-1.module+el8.4.0+594+11b6673a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt | < 0.4.0-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt-doc | < 0.4.0-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |