[RLSA-2021:2588] ruby:2.6 security, bug fix, and enhancement update

Severity Moderate

Affected Packages 23

CVEs 9

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627)

Security Fix(es):

rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
ruby: Code injection via command argument of Shell#test / Shell#
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero Rocky Linux-8

Package	Affected Version
pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5	< 1.1.4-1.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.4	< 1.0.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5	< 1.1.4-1.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.4	< 1.0.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5	< 1.1.4-1.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.4	< 1.0.0-2.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5	< 0.5.2-1.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.4	< 0.4.10-4.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5	< 0.5.2-1.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.4	< 0.4.10-4.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5	< 0.5.2-1.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.4	< 0.4.10-4.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4	< 2.8.0-1.module+el8.4.0+593+8d7f9f0c
pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4	< 2.8.0-1.module+el8.4.0+593+8d7f9f0c
pkg:rpm/rockylinux/rubygem-bundler?arch=noarch&distro=rockylinux-8.4	< 1.16.1-3.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-bundler-doc?arch=noarch&distro=rockylinux-8.4	< 1.16.1-3.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4	< 4.5.0-1.module+el8.4.0+593+8d7f9f0c
pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4	< 4.5.0-1.module+el8.4.0+593+8d7f9f0c
pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4	< 4.5.0-1.module+el8.4.0+593+8d7f9f0c
pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5	< 0.3.0-4.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.4	< 0.3.0-4.module+el8.4.0+592+03ff458a
pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5	< 0.3.0-4.module+el8.5.0+738+032c9c02
pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.4	< 0.3.0-4.module+el8.4.0+592+03ff458a

ID

RLSA-2021:2588

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2021:2588

Published

2021-06-29T13:58:40
(3 years ago)

Modified

2023-02-02T13:25:24
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2019-15845	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845
CVE	CVE-2019-16201	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201
CVE	CVE-2019-16254	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254
CVE	CVE-2019-16255	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255
CVE	CVE-2019-3881	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3881
CVE	CVE-2020-10663	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
CVE	CVE-2020-10933	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
CVE	CVE-2020-25613	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613
CVE	CVE-2021-28965	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
Bugzilla	1651826	https://bugzilla.redhat.com/show_bug.cgi?id=1651826
Bugzilla	1773728	https://bugzilla.redhat.com/show_bug.cgi?id=1773728
Bugzilla	1789407	https://bugzilla.redhat.com/show_bug.cgi?id=1789407
Bugzilla	1789556	https://bugzilla.redhat.com/show_bug.cgi?id=1789556
Bugzilla	1793683	https://bugzilla.redhat.com/show_bug.cgi?id=1793683
Bugzilla	1827500	https://bugzilla.redhat.com/show_bug.cgi?id=1827500
Bugzilla	1833291	https://bugzilla.redhat.com/show_bug.cgi?id=1833291
Bugzilla	1883623	https://bugzilla.redhat.com/show_bug.cgi?id=1883623
Bugzilla	1947526	https://bugzilla.redhat.com/show_bug.cgi?id=1947526
Bugzilla	1952627	https://bugzilla.redhat.com/show_bug.cgi?id=1952627
Bugzilla	1954968	https://bugzilla.redhat.com/show_bug.cgi?id=1954968
Self	RLSA-2021:2588	https://errata.rockylinux.org/RLSA-2021:2588

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5	rockylinux	rubygem-pg	< 1.1.4-1.module+el8.5.0+738+032c9c02	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.4	rockylinux	rubygem-pg	< 1.0.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5	rockylinux	rubygem-pg	< 1.1.4-1.module+el8.5.0+738+032c9c02	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.4	rockylinux	rubygem-pg	< 1.0.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-pg-doc	< 1.1.4-1.module+el8.5.0+738+032c9c02	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-pg-doc	< 1.0.0-2.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5	rockylinux	rubygem-mysql2	< 0.5.2-1.module+el8.5.0+738+032c9c02	rockylinux-8.5	x86_64
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.4	rockylinux	rubygem-mysql2	< 0.4.10-4.module+el8.4.0+592+03ff458a	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5	rockylinux	rubygem-mysql2	< 0.5.2-1.module+el8.5.0+738+032c9c02	rockylinux-8.5	aarch64
Affected	pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.4	rockylinux	rubygem-mysql2	< 0.4.10-4.module+el8.4.0+592+03ff458a	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-mysql2-doc	< 0.5.2-1.module+el8.5.0+738+032c9c02	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mysql2-doc	< 0.4.10-4.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mongo	< 2.8.0-1.module+el8.4.0+593+8d7f9f0c	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-mongo-doc	< 2.8.0-1.module+el8.4.0+593+8d7f9f0c	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-bundler?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-bundler	< 1.16.1-3.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-bundler-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-bundler-doc	< 1.16.1-3.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4	rockylinux	rubygem-bson	< 4.5.0-1.module+el8.4.0+593+8d7f9f0c	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4	rockylinux	rubygem-bson	< 4.5.0-1.module+el8.4.0+593+8d7f9f0c	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-bson-doc	< 4.5.0-1.module+el8.4.0+593+8d7f9f0c	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-abrt	< 0.3.0-4.module+el8.5.0+738+032c9c02	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-abrt	< 0.3.0-4.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5	rockylinux	rubygem-abrt-doc	< 0.3.0-4.module+el8.5.0+738+032c9c02	rockylinux-8.5	noarch
Affected	pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.4	rockylinux	rubygem-abrt-doc	< 0.3.0-4.module+el8.4.0+592+03ff458a	rockylinux-8.4	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date