ALSA-2021:2588

[ALSA-2021:2588] Moderate: ruby:2.6 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-09-15

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627)

Security Fix(es):

* rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)

* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)

* ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)

* ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)

* rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)

* ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)

* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero [almalinux-8] (BZ#1954968)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	rubygem-bson-4.5.0-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm	46038216ee2a70f86721d1326e641ac61973b0ca0c3735cae8302f1ee8754659
aarch64	rubygem-pg-1.1.4-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm	bb25c46f97e39acd6603d7b6ec0ef7cca8b67c4c39652254cb1eab584300497e
aarch64	rubygem-mysql2-0.5.2-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm	ed66f8a584bad694bfb6620ee9f8e3c47dc20d25973566970f90434b7310b199
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm	085e4c052f70e2dd1f91aa3776bdd0e33ded15a62b2a29308b537683a52e1d4e
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm	170bbe9133041c6959d3996e7531a30d32100cb72360a22689121f13394eb5e3
noarch	rubygem-mongo-2.8.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	433dd9fda76a345b4eb486de474ffca16e0037f799004008bad4fa1b7dfc332c
noarch	rubygem-mysql2-doc-0.5.2-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	78657f218d48e43b2a5f2d6499aa1d50279e8ff5b36baa240bfc4c24f3c2f797
noarch	rubygem-bson-doc-4.5.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	81d2584ca8ad210b9c4e56437140a1bace0c36bef86fe2651b619fbde469ebd8
noarch	rubygem-mongo-2.8.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	9d49b3317759fd5df4e32b1b80406ed2514ba74c05d43095d3959732219c3b4a
noarch	rubygem-mongo-doc-2.8.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	a2e36c09895830c67445dcc3c7688b2dd856e598e1975948f8a93a940f1bd729
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm	a8892a14c019a57d227b1f8d1784c123a59c9cea936069869f1a9e714640a68d
noarch	rubygem-pg-doc-1.1.4-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	bda3a25e4281b2ce99d2ecc0e8ad3db88ad3e6a52d6e63747cf24fc6704873d9
noarch	rubygem-mysql2-doc-0.5.2-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	ccceba910635f667b0f6eb1de6693ae636aa3c2e1c8f70f0ba2302d3a04042a7
noarch	rubygem-pg-doc-1.1.4-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	d0b07adad2015780bc46a5015b3a26d4cd94f98c023fa932a80aca34c663da56
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm	e2f75dad83962fbcf5fed5d19cec8da6e0526039475f81f395e239aad0aea460
noarch	rubygem-bson-doc-4.5.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	fc2d9da1582f72acf5422d14d9650399c79a1f78407ff343046e683bbfb6ff82
noarch	rubygem-mongo-doc-2.8.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	fd4ce6a2358fea0d79d483e22d32541ce1c8c3cd0f8d7118ea07b44d21680cbf
ppc64le	rubygem-mysql2-0.5.2-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	55d3adecab07d905c426b31beb3c655e73d532edffb5346d7f0f5625d27a34f1
ppc64le	rubygem-pg-1.1.4-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	6841f462b2f531d5ba69e4dcef020bb0f677ee8ec5ef27b0d1f723af9dcf3375
ppc64le	rubygem-bson-4.5.0-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	ad193c7ff1e4ad625e8f351bfcf6f7310b71893ee7ae449a7a6a4546c388cdff
x86_64	rubygem-bson-4.5.0-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm	03d843fb30170ab3dd177f6cbe3f53db3fd30c50b0db7cb69a5696727c509543
x86_64	rubygem-pg-1.1.4-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm	6dc2da0917275a91c99240b6ffb7fbfa93071e4a68e9ded476ed4a3ae4ca1274
x86_64	rubygem-mysql2-0.5.2-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm	706abca8ccfb91d12ed7b8cb17e86f66ca5a0f8ac0e06c28ea8448ad80c8f442

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.