[RLSA-2022:0543] ruby:2.6 security update
An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)
rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- RLSA-2022:0543
- Severity
- important
- URL
- https://errata.rockylinux.org/RLSA-2022:0543
- Published
-
2022-02-16T08:26:13
(2 years ago) - Modified
-
2023-02-02T13:35:15
(19 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALAS-2021-1505
- ALAS-2021-1506
- ALAS2-2021-1641
- ALAS2-2023-2345
- ALAS2-2024-2486
- ALAS2-2024-2534
- ALAS2-2024-2570
- ALPINE:CVE-2021-31799
- ALPINE:CVE-2021-31810
- ALPINE:CVE-2021-32066
- ALPINE:CVE-2021-41817
- ALPINE:CVE-2021-41819
- ALSA-2021:3020
- ALSA-2022:0543
- ALSA-2022:0545
- ALSA-2022:0672
- ALSA-2022:5779
- ALSA-2022:6447
- ALSA-2022:6450
- ASA-202106-14
- ASA-202107-18
- ASA-202107-23
- ASA-202107-24
- DSA-5066-1
- DSA-5067-1
- ELSA-2021-3020
- ELSA-2022-0543
- ELSA-2022-0545
- ELSA-2022-0672
- ELSA-2022-5779
- ELSA-2022-6447
- ELSA-2022-6450
- FEDORA-2021-36cdab1f8d
- FEDORA-2022-82a9edac27
- FEDORA-2022-8cf0124add
- FREEBSD:4548EC97-4D38-11EC-A539-0800270512F4
- FREEBSD:57027417-AB7F-11EB-9596-080027F515EA
- FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4
- FREEBSD:7ED5779C-E4C7-11EB-91D7-08002728F74C
- GLSA-202401-05
- GLSA-202401-27
- GLSA-202408-22
- MS:CVE-2021-41817
- MS:CVE-2021-41819
- openSUSE-SU-2021:1535-1
- openSUSE-SU-2021:3838-1
- RHSA-2021:3020
- RHSA-2022:0543
- RHSA-2022:0545
- RHSA-2022:0672
- RHSA-2022:5779
- RHSA-2022:6447
- RHSA-2022:6450
- RLSA-2021:3020
- RLSA-2022:0545
- RLSA-2022:0672
- RLSA-2022:5779
- RLSA-2022:6447
- RLSA-2022:6450
- RUBYSEC:BUNDLER-2020-36327
- RUBYSEC:CGI-2021-41819
- RUBYSEC:DATE-2021-41817
- RUBYSEC:RDOC-2021-31799
- SUSE-SU-2021:3837-1
- SUSE-SU-2021:3838-1
- SUSE-SU-2022:1512-1
- SUSE-SU-2022:3292-1
- SUSE-SU-2023:4176-1
- USN-5020-1
- USN-5235-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2020-36327 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36327 | |
CVE | CVE-2021-31799 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799 | |
CVE | CVE-2021-31810 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810 | |
CVE | CVE-2021-32066 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066 | |
CVE | CVE-2021-41817 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817 | |
CVE | CVE-2021-41819 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819 | |
Bugzilla | 1958999 | https://bugzilla.redhat.com/show_bug.cgi?id=1958999 | |
Bugzilla | 1980126 | https://bugzilla.redhat.com/show_bug.cgi?id=1980126 | |
Bugzilla | 1980128 | https://bugzilla.redhat.com/show_bug.cgi?id=1980128 | |
Bugzilla | 1980132 | https://bugzilla.redhat.com/show_bug.cgi?id=1980132 | |
Bugzilla | 2025104 | https://bugzilla.redhat.com/show_bug.cgi?id=2025104 | |
Bugzilla | 2026757 | https://bugzilla.redhat.com/show_bug.cgi?id=2026757 | |
Self | RLSA-2022:0543 | https://errata.rockylinux.org/RLSA-2022:0543 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-pg | < 1.1.4-1.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-pg | < 1.1.4-1.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-pg-doc | < 1.1.4-1.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.5.2-1.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.5.2-1.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2-doc | < 0.5.2-1.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mongo?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-mongo | < 2.8.0-1.module+el8.4.0+593+8d7f9f0c | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mongo-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-mongo-doc | < 2.8.0-1.module+el8.4.0+593+8d7f9f0c | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-bson?arch=x86_64&distro=rockylinux-8.4 | rockylinux | rubygem-bson | < 4.5.0-1.module+el8.4.0+593+8d7f9f0c | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-bson?arch=aarch64&distro=rockylinux-8.4 | rockylinux | rubygem-bson | < 4.5.0-1.module+el8.4.0+593+8d7f9f0c | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-bson-doc?arch=noarch&distro=rockylinux-8.4 | rockylinux | rubygem-bson-doc | < 4.5.0-1.module+el8.4.0+593+8d7f9f0c | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt | < 0.3.0-4.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt-doc | < 0.3.0-4.module+el8.5.0+738+032c9c02 | rockylinux-8.5 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |