ALSA-2021:2587

[ALSA-2021:2587] Moderate: ruby:2.5 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2022-02-17

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626)

Security Fix(es):

* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)

* ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)

* ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)

* rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)

* ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)

* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	rubygem-bson-4.3.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm	5974fa8497b83d1a4df2acf3d75301aa07fad828a823aec6a400436f617dc58f
aarch64	rubygem-pg-1.0.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm	b76cc13be890a6906181ad9982fe8b11be4f53e55c642d0251eb2b8f4d838c3f
aarch64	rubygem-mysql2-0.4.10-4.module_el8.5.0+2625+ec418553.aarch64.rpm	df9c22479a5fbb8f2897203f63a3e4427a4fe59460d7e9ed5fe686519e1e51c8
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm	085e4c052f70e2dd1f91aa3776bdd0e33ded15a62b2a29308b537683a52e1d4e
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm	170bbe9133041c6959d3996e7531a30d32100cb72360a22689121f13394eb5e3
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+2625+ec418553.noarch.rpm	251a37b9981b1ac6685904e0475b4cd0ae97be504b69cbc002896057cff48bbe
noarch	rubygem-pg-doc-1.0.0-2.module_el8.5.0+2625+ec418553.noarch.rpm	7684213ac8f6b30ffaa2808065dc188c4ebdca462b5156f43fd2df88076d4a94
noarch	rubygem-bson-doc-4.3.0-2.module_el8.5.0+2625+ec418553.noarch.rpm	820dee686065f0a35fb15e687d8595cfc665da43dc8ca2196c9e11fd568f8fb6
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2625+ec418553.noarch.rpm	8604fec34b7f851c63344f64e4510c4923f56bf9d3cdf0aba2aae1608f26c804
noarch	rubygem-mongo-2.5.1-2.module_el8.5.0+259+8cec6917.noarch.rpm	91e9a2cedb30ee0e4f76e4325796e9f0f253f983467a910e71538f9e695edfc8
noarch	rubygem-mysql2-doc-0.4.10-4.module_el8.5.0+2625+ec418553.noarch.rpm	a5c437b38dfc84a5e1abd920fbb284c8c83eee2636c46db7be65dabe7580a319
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm	a8892a14c019a57d227b1f8d1784c123a59c9cea936069869f1a9e714640a68d
noarch	rubygem-mongo-doc-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm	c506b397bd566dcb4d539202156f734660a33a62d3a515a6a1cd6b116e8f1608
noarch	rubygem-mongo-doc-2.5.1-2.module_el8.5.0+259+8cec6917.noarch.rpm	c5e7dfbf124bcbc3dc2c45accb46703ccedbd23df73d4dc0c61bac065d0b4092
noarch	rubygem-pg-doc-1.0.0-2.module_el8.5.0+259+8cec6917.noarch.rpm	d012f883606994267f5a4643984d6c9898842d62a320b521e81b13b061101317
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm	e2f75dad83962fbcf5fed5d19cec8da6e0526039475f81f395e239aad0aea460
noarch	rubygem-bson-doc-4.3.0-2.module_el8.5.0+259+8cec6917.noarch.rpm	edd0c81ca037801eee79ebb60b5c22ada9757fcb8a5434c24fbcf79adbd1567d
noarch	rubygem-mysql2-doc-0.4.10-4.module_el8.5.0+259+8cec6917.noarch.rpm	f698d987853af092cc267add91763a779924d76d96029204c15f3052ef2a0ff3
noarch	rubygem-mongo-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm	fd8a90dea5a7c07c95bf2e7ac7337dba4ebe6a1ce35899e2b8c46c6d51b0bbc3
ppc64le	rubygem-pg-1.0.0-2.module_el8.5.0+259+8cec6917.ppc64le.rpm	41472bd23112bee428fd9abc821f3ae7009c37984ee001e3c3307f97df2cc34e
ppc64le	rubygem-bson-4.3.0-2.module_el8.5.0+259+8cec6917.ppc64le.rpm	a5e4457e2736c2e55169c63d83c1c69429c57c426851036811976c1ccafb28af
ppc64le	rubygem-mysql2-0.4.10-4.module_el8.5.0+259+8cec6917.ppc64le.rpm	aa75a18f3d930eff9a18793d83ef37e5a4ee20d38020be57b8ce69c175f1eac8
x86_64	rubygem-pg-1.0.0-2.module_el8.5.0+2625+ec418553.x86_64.rpm	2476cd71faf291d949829de9fb61b9923886ba75aff75e3df9dd2e7117fe70c3
x86_64	rubygem-bson-4.3.0-2.module_el8.5.0+2625+ec418553.x86_64.rpm	701b12df65f3a6b04c5a716c2d13fa048539842fff558d5ca2a5517735c0ad17
x86_64	rubygem-mysql2-0.4.10-4.module_el8.5.0+2625+ec418553.x86_64.rpm	b2ebe847eeadbc351ac9bd080addfc65a5c7d8181cd5b6178b37febc62237648

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.