[RLSA-2021:2587] ruby:2.5 security, bug fix, and enhancement update

Severity Moderate

Affected Packages 13

CVEs 8

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626)

Security Fix(es):

ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
ruby: Code injection via command argument of Shell#test / Shell#
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.4	< 1.0.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.4	< 1.0.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.4	< 1.0.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5	< 0.4.10-4.module+el8.5.0+739+43897a5e
pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5	< 0.4.10-4.module+el8.5.0+739+43897a5e
pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5	< 0.4.10-4.module+el8.5.0+739+43897a5e
pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4	< 2.5.1-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4	< 2.5.1-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4	< 4.3.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4	< 4.3.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4	< 4.3.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5	< 0.3.0-4.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5	< 0.3.0-4.module+el8.5.0+738+032c9c02

ID

RLSA-2021:2587

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2021:2587

Published

2021-06-29T13:58:20
(3 years ago)

Modified

2023-02-02T13:25:18
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2019-15845	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845
CVE	CVE-2019-16201	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201
CVE	CVE-2019-16254	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254
CVE	CVE-2019-16255	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255
CVE	CVE-2020-10663	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
CVE	CVE-2020-10933	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
CVE	CVE-2020-25613	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613
CVE	CVE-2021-28965	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
Bugzilla	1773728	https://bugzilla.redhat.com/show_bug.cgi?id=1773728
Bugzilla	1789407	https://bugzilla.redhat.com/show_bug.cgi?id=1789407
Bugzilla	1789556	https://bugzilla.redhat.com/show_bug.cgi?id=1789556
Bugzilla	1793683	https://bugzilla.redhat.com/show_bug.cgi?id=1793683
Bugzilla	1827500	https://bugzilla.redhat.com/show_bug.cgi?id=1827500
Bugzilla	1833291	https://bugzilla.redhat.com/show_bug.cgi?id=1833291
Bugzilla	1883623	https://bugzilla.redhat.com/show_bug.cgi?id=1883623
Bugzilla	1947526	https://bugzilla.redhat.com/show_bug.cgi?id=1947526
Bugzilla	1952626	https://bugzilla.redhat.com/show_bug.cgi?id=1952626
Bugzilla	1955010	https://bugzilla.redhat.com/show_bug.cgi?id=1955010
Self	RLSA-2021:2587	https://errata.rockylinux.org/RLSA-2021:2587

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.4	rockylinux	rubygem-pg	< 1.0.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.4	rockylinux	rubygem-pg	< 1.0.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-pg-doc	< 1.0.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5	rockylinux	rubygem-mysql2	< 0.4.10-4.module+el8.5.0+739+43897a5e	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5	rockylinux	rubygem-mysql2	< 0.4.10-4.module+el8.5.0+739+43897a5e	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-mysql2-doc	< 0.4.10-4.module+el8.5.0+739+43897a5e	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mongo	< 2.5.1-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mongo-doc	< 2.5.1-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4	rockylinux	rubygem-bson	< 4.3.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4	rockylinux	rubygem-bson	< 4.3.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-bson-doc	< 4.3.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-abrt	< 0.3.0-4.module+el8.5.0+738+032c9c02	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-abrt-doc	< 0.3.0-4.module+el8.5.0+738+032c9c02	rockylinux-8.5	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date