[RLSA-2021:2587] ruby:2.5 security, bug fix, and enhancement update
An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626)
Security Fix(es):
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
ruby: Code injection via command argument of Shell#test / Shell#
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- RLSA-2021:2587
- Severity
- moderate
- URL
- https://errata.rockylinux.org/RLSA-2021:2587
- Published
-
2021-06-29T13:58:20
(3 years ago) - Modified
-
2023-02-02T13:25:18
(19 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALAS-2020-1416
- ALAS-2020-1422
- ALAS-2020-1423
- ALAS-2020-1426
- ALAS-2020-1451
- ALAS-2021-1468
- ALAS-2021-1501
- ALAS2-2021-1641
- ALAS2-2024-2486
- ALPINE:CVE-2019-15845
- ALPINE:CVE-2019-16201
- ALPINE:CVE-2019-16254
- ALPINE:CVE-2019-16255
- ALPINE:CVE-2020-10663
- ALPINE:CVE-2020-10933
- ALPINE:CVE-2020-25613
- ALPINE:CVE-2021-28965
- ALSA-2021:2584
- ALSA-2021:2587
- ALSA-2021:2588
- ASA-201910-2
- ASA-202104-1
- DSA-4586-1
- DSA-4587-1
- DSA-4721-1
- DSA-5066-1
- ELSA-2020-5724
- ELSA-2021-2584
- ELSA-2021-2587
- ELSA-2021-2588
- FEDORA-2020-02ca18c2a0
- FEDORA-2020-26df92331a
- FEDORA-2020-a95706b117
- FEDORA-2020-d171bf636d
- FEDORA-2020-fe2a7d7390
- FEDORA-2021-0ea39d8eb3
- FEDORA-2021-6385a09efc
- FEDORA-2021-7b8b65bc7a
- FREEBSD:40194E1C-6D89-11EA-8082-80EE73419AF3
- FREEBSD:DEC7E4B6-961A-11EB-9C34-080027F515EA
- FREEBSD:F7FCB75C-E537-11E9-863E-B9B7AF01BA9E
- FREEBSD:FB6E53AE-9DF6-11EB-BA8C-001B217B3468
- GLSA-202003-06
- GLSA-202401-27
- MS:CVE-2019-15845
- MS:CVE-2019-16201
- MS:CVE-2019-16254
- MS:CVE-2019-16255
- MS:CVE-2020-10933
- MS:CVE-2020-25613
- MS:CVE-2021-28965
- openSUSE-SU-2020:0395-1
- openSUSE-SU-2020:0586-1
- openSUSE-SU-2021:0471-1
- openSUSE-SU-2021:0607-1
- RHSA-2020:2462
- RHSA-2021:2584
- RHSA-2021:2587
- RHSA-2021:2588
- RLSA-2021:2584
- RLSA-2021:2588
- RUBYSEC:JSON-2020-10663
- RUBYSEC:PUMA-2020-5247
- RUBYSEC:REXML-2021-28965
- RUBYSEC:WEBRICK-2020-25613
- SUSE-SU-2020:0737-1
- SUSE-SU-2020:0995-1
- SUSE-SU-2020:1570-1
- SUSE-SU-2020:1901-1
- SUSE-SU-2021:0933-1
- SUSE-SU-2021:1280-1
- SUSE-SU-2021:3837-1
- USN-4201-1
- USN-4882-1
- USN-4922-1
- USN-4922-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.4 | rockylinux | rubygem-pg | < 1.0.0-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.4 | rockylinux | rubygem-pg | < 1.0.0-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-pg-doc | < 1.0.0-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.4.10-4.module+el8.5.0+739+43897a5e | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.4.10-4.module+el8.5.0+739+43897a5e | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2-doc | < 0.4.10-4.module+el8.5.0+739+43897a5e | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-mongo | < 2.5.1-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-mongo-doc | < 2.5.1-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4 | rockylinux | rubygem-bson | < 4.3.0-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4 | rockylinux | rubygem-bson | < 4.3.0-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-bson-doc | < 4.3.0-2.module+el8.4.0+592+03ff458a | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt | < 0.3.0-4.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt-doc | < 0.3.0-4.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |