[ALSA-2021:2588] Moderate: ruby:2.6 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-09-15
Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627)

Security Fix(es):

* rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)
* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
* ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
* ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)
* rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
* ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero [almalinux-8] (BZ#1954968)
Updated packages listed below:
Architecture Package Checksum
aarch64 rubygem-bson-4.5.0-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm 46038216ee2a70f86721d1326e641ac61973b0ca0c3735cae8302f1ee8754659
aarch64 rubygem-pg-1.1.4-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm bb25c46f97e39acd6603d7b6ec0ef7cca8b67c4c39652254cb1eab584300497e
aarch64 rubygem-mysql2-0.5.2-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm ed66f8a584bad694bfb6620ee9f8e3c47dc20d25973566970f90434b7310b199
noarch rubygem-abrt-doc-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm 085e4c052f70e2dd1f91aa3776bdd0e33ded15a62b2a29308b537683a52e1d4e
noarch rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm 170bbe9133041c6959d3996e7531a30d32100cb72360a22689121f13394eb5e3
noarch rubygem-mongo-2.8.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm 433dd9fda76a345b4eb486de474ffca16e0037f799004008bad4fa1b7dfc332c
noarch rubygem-mysql2-doc-0.5.2-1.module_el8.5.0+250+ba22dbf7.noarch.rpm 78657f218d48e43b2a5f2d6499aa1d50279e8ff5b36baa240bfc4c24f3c2f797
noarch rubygem-bson-doc-4.5.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm 81d2584ca8ad210b9c4e56437140a1bace0c36bef86fe2651b619fbde469ebd8
noarch rubygem-mongo-2.8.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm 9d49b3317759fd5df4e32b1b80406ed2514ba74c05d43095d3959732219c3b4a
noarch rubygem-mongo-doc-2.8.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm a2e36c09895830c67445dcc3c7688b2dd856e598e1975948f8a93a940f1bd729
noarch rubygem-abrt-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm a8892a14c019a57d227b1f8d1784c123a59c9cea936069869f1a9e714640a68d
noarch rubygem-pg-doc-1.1.4-1.module_el8.5.0+2623+08a8ba32.noarch.rpm bda3a25e4281b2ce99d2ecc0e8ad3db88ad3e6a52d6e63747cf24fc6704873d9
noarch rubygem-mysql2-doc-0.5.2-1.module_el8.5.0+2623+08a8ba32.noarch.rpm ccceba910635f667b0f6eb1de6693ae636aa3c2e1c8f70f0ba2302d3a04042a7
noarch rubygem-pg-doc-1.1.4-1.module_el8.5.0+250+ba22dbf7.noarch.rpm d0b07adad2015780bc46a5015b3a26d4cd94f98c023fa932a80aca34c663da56
noarch rubygem-abrt-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm e2f75dad83962fbcf5fed5d19cec8da6e0526039475f81f395e239aad0aea460
noarch rubygem-bson-doc-4.5.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm fc2d9da1582f72acf5422d14d9650399c79a1f78407ff343046e683bbfb6ff82
noarch rubygem-mongo-doc-2.8.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm fd4ce6a2358fea0d79d483e22d32541ce1c8c3cd0f8d7118ea07b44d21680cbf
ppc64le rubygem-mysql2-0.5.2-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm 55d3adecab07d905c426b31beb3c655e73d532edffb5346d7f0f5625d27a34f1
ppc64le rubygem-pg-1.1.4-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm 6841f462b2f531d5ba69e4dcef020bb0f677ee8ec5ef27b0d1f723af9dcf3375
ppc64le rubygem-bson-4.5.0-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm ad193c7ff1e4ad625e8f351bfcf6f7310b71893ee7ae449a7a6a4546c388cdff
x86_64 rubygem-bson-4.5.0-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm 03d843fb30170ab3dd177f6cbe3f53db3fd30c50b0db7cb69a5696727c509543
x86_64 rubygem-pg-1.1.4-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm 6dc2da0917275a91c99240b6ffb7fbfa93071e4a68e9ded476ed4a3ae4ca1274
x86_64 rubygem-mysql2-0.5.2-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm 706abca8ccfb91d12ed7b8cb17e86f66ca5a0f8ac0e06c28ea8448ad80c8f442
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.