[RLSA-2022:6450] ruby:3.0 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431)
Security Fix(es):
ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
Ruby: Double free in Regexp compilation (CVE-2022-28738)
Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- ruby 3.0: User-installed rubygems plugins are not being loaded Rocky Linux8
- ID
- RLSA-2022:6450
- Severity
- moderate
- URL
- https://errata.rockylinux.org/RLSA-2022:6450
- Published
-
2022-09-13T07:36:53
(2 years ago) - Modified
-
2023-02-02T13:46:41
(19 months ago) - Rights
- Copyright 2023 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALAS-2022-1638
- ALAS2-2022-1853
- ALAS2-2023-2345
- ALAS2-2024-2486
- ALPINE:CVE-2021-41817
- ALPINE:CVE-2021-41819
- ALPINE:CVE-2022-28738
- ALPINE:CVE-2022-28739
- ALSA-2022:0543
- ALSA-2022:5779
- ALSA-2022:6447
- ALSA-2022:6450
- ALSA-2022:6585
- ALSA-2023:7025
- DSA-5066-1
- DSA-5067-1
- ELSA-2022-0543
- ELSA-2022-5338
- ELSA-2022-5779
- ELSA-2022-6447
- ELSA-2022-6450
- ELSA-2022-6585
- ELSA-2023-12064
- ELSA-2023-7025
- FEDORA-2022-82a9edac27
- FEDORA-2022-8cf0124add
- FEDORA-2022-a7ca6ee0cf
- FREEBSD:06ED6A49-BAD4-11EC-9CFE-0800270512F4
- FREEBSD:4548EC97-4D38-11EC-A539-0800270512F4
- FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4
- FREEBSD:F22144D7-BAD1-11EC-9CFE-0800270512F4
- GLSA-202401-27
- MS:CVE-2021-41817
- MS:CVE-2021-41819
- MS:CVE-2022-28739
- RHSA-2022:0543
- RHSA-2022:5338
- RHSA-2022:5779
- RHSA-2022:6447
- RHSA-2022:6450
- RHSA-2022:6585
- RHSA-2023:7025
- RLSA-2022:0543
- RLSA-2022:5338
- RLSA-2022:5779
- RLSA-2022:6447
- RLSA-2022:6585
- RUBYSEC:CGI-2021-41819
- RUBYSEC:DATE-2021-41817
- SSA:2022-103-01
- SUSE-SU-2022:1512-1
- SUSE-SU-2022:3292-1
- SUSE-SU-2023:4176-1
- USN-5235-1
- USN-5462-1
- USN-5462-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2021-41817 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817 | |
CVE | CVE-2021-41819 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819 | |
CVE | CVE-2022-28738 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738 | |
CVE | CVE-2022-28739 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739 | |
Bugzilla | 2025104 | https://bugzilla.redhat.com/show_bug.cgi?id=2025104 | |
Bugzilla | 2026757 | https://bugzilla.redhat.com/show_bug.cgi?id=2026757 | |
Bugzilla | 2075685 | https://bugzilla.redhat.com/show_bug.cgi?id=2075685 | |
Bugzilla | 2075687 | https://bugzilla.redhat.com/show_bug.cgi?id=2075687 | |
Bugzilla | 2109431 | https://bugzilla.redhat.com/show_bug.cgi?id=2109431 | |
Bugzilla | 2110981 | https://bugzilla.redhat.com/show_bug.cgi?id=2110981 | |
Self | RLSA-2022:6450 | https://errata.rockylinux.org/RLSA-2022:6450 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/rubygems?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygems | < 3.2.33-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygems-devel?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygems-devel | < 3.2.33-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-typeprof?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-typeprof | < 0.15.2-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-test-unit?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-test-unit | < 3.3.7-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-rss?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-rss | < 0.2.9-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-rexml?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-rexml | < 3.2.5-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-rdoc?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-rdoc | < 6.3.3-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-rbs?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-rbs | < 1.4.0-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-rake?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-rake | < 13.0.3-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-psych?arch=x86_64&distro=rockylinux-8.6 | rockylinux | rubygem-psych | < 3.3.2-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-psych?arch=aarch64&distro=rockylinux-8.6 | rockylinux | rubygem-psych | < 3.3.2-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-power_assert?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-power_assert | < 1.2.0-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-pg | < 1.2.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-pg | < 1.2.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-pg-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-pg-doc | < 1.2.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=x86_64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.5.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2?arch=aarch64&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2 | < 0.5.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-mysql2-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-mysql2-doc | < 0.5.3-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-minitest?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-minitest | < 5.14.2-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-json?arch=x86_64&distro=rockylinux-8.6 | rockylinux | rubygem-json | < 2.5.1-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-json?arch=aarch64&distro=rockylinux-8.6 | rockylinux | rubygem-json | < 2.5.1-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-irb?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-irb | < 1.3.5-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-io-console?arch=x86_64&distro=rockylinux-8.6 | rockylinux | rubygem-io-console | < 0.5.7-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-io-console?arch=aarch64&distro=rockylinux-8.6 | rockylinux | rubygem-io-console | < 0.5.7-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-bundler?arch=noarch&distro=rockylinux-8.6 | rockylinux | rubygem-bundler | < 2.2.33-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-bigdecimal?arch=x86_64&distro=rockylinux-8.6 | rockylinux | rubygem-bigdecimal | < 3.0.0-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/rubygem-bigdecimal?arch=aarch64&distro=rockylinux-8.6 | rockylinux | rubygem-bigdecimal | < 3.0.0-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/rubygem-abrt?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt | < 0.4.0-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/rubygem-abrt-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | rubygem-abrt-doc | < 0.4.0-1.module+el8.5.0+668+665814fa | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/ruby?arch=x86_64&distro=rockylinux-8.6 | rockylinux | ruby | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/ruby?arch=aarch64&distro=rockylinux-8.6 | rockylinux | ruby | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/ruby-libs?arch=x86_64&distro=rockylinux-8.6 | rockylinux | ruby-libs | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/ruby-libs?arch=aarch64&distro=rockylinux-8.6 | rockylinux | ruby-libs | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/ruby-doc?arch=noarch&distro=rockylinux-8.6 | rockylinux | ruby-doc | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch | |
Affected | pkg:rpm/rockylinux/ruby-devel?arch=x86_64&distro=rockylinux-8.6 | rockylinux | ruby-devel | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/ruby-devel?arch=aarch64&distro=rockylinux-8.6 | rockylinux | ruby-devel | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/ruby-default-gems?arch=noarch&distro=rockylinux-8.6 | rockylinux | ruby-default-gems | < 3.0.4-141.module+el8.6.0+1002+a7dba0ac | rockylinux-8.6 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |