ALSA-2022:0543

[ALSA-2022:0543] Important: ruby:2.6 security update

Type:

security

Severity:

important

Release date:

2022-02-17

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)

* rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)

* ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)

* ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)

* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)

* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	rubygem-io-console-0.4.7-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	096b9ad696ea52b884556ffaf8a68fcfa82ee7795cad4f4c82d006480ff5bb26
aarch64	ruby-libs-2.6.9-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	0c1ab9c73ff5e8366a4df63823b3ed4a3b850132478e4e0f66b38099fb1458a3
aarch64	ruby-devel-2.6.9-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	15a99f5e86b23ce673a7395a9582e1e04dcf03f118037cb6cae31f15037d8051
aarch64	rubygem-openssl-2.1.2-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	2aed2643876a91197aedd1071162161230d1d556a903d841e34e6f6d43c043b1
aarch64	rubygem-json-2.1.0-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	40e8ef937c660c11a296f2245b3711110cade40dfd3b166ee1126b7171780dd8
aarch64	rubygem-bson-4.5.0-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm	46038216ee2a70f86721d1326e641ac61973b0ca0c3735cae8302f1ee8754659
aarch64	rubygem-psych-3.1.0-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	98ccc073f663ee830a1edf3a70cfbb4eee36937e8385efcf41a805f889cac241
aarch64	rubygem-pg-1.1.4-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm	bb25c46f97e39acd6603d7b6ec0ef7cca8b67c4c39652254cb1eab584300497e
aarch64	ruby-2.6.9-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	e12964e7a26e4bf2ff70d234fa231f11c91d86e6e50d4103d9641a73951655b2
aarch64	rubygem-mysql2-0.5.2-1.module_el8.5.0+2623+08a8ba32.aarch64.rpm	ed66f8a584bad694bfb6620ee9f8e3c47dc20d25973566970f90434b7310b199
aarch64	rubygem-bigdecimal-1.4.1-108.module_el8.5.0+2623+08a8ba32.aarch64.rpm	fa4812c103078b1194cf7dba1aaa2a49bf945c78b765e9d4cb5b533b032c3bb9
i686	rubygem-bigdecimal-1.4.1-108.module_el8.5.0+2623+08a8ba32.i686.rpm	093283edf6ff9ca96d11d49a0f1b601a65524c5ef3a849979bb0d310596457b3
i686	ruby-devel-2.6.9-108.module_el8.5.0+2623+08a8ba32.i686.rpm	0bbacf00adaf5b79271e1a541d753485f6b4cb2cc64fa07dca68422009068876
i686	rubygem-io-console-0.4.7-108.module_el8.5.0+2623+08a8ba32.i686.rpm	63c89b643ab7a43f8b3ba52984af3aead15b34cb9ca178019825b35c225991fb
i686	rubygem-json-2.1.0-108.module_el8.5.0+2623+08a8ba32.i686.rpm	8779dff736ead776263b00a59cca43d44f339303418aac6548f29253da794057
i686	ruby-2.6.9-108.module_el8.5.0+2623+08a8ba32.i686.rpm	a609a46cb8e7fdcb337ec091e8b571466ae86edc3afa06459616dac750128db7
i686	rubygem-openssl-2.1.2-108.module_el8.5.0+2623+08a8ba32.i686.rpm	d16b66e350eb6afec08630679f894835858ac8b0f97d457012edbad925bae675
i686	rubygem-psych-3.1.0-108.module_el8.5.0+2623+08a8ba32.i686.rpm	d3955c69d7863dd2b12d45fb847e14ed093c9bab24594d59262c4852c3cb42e7
i686	ruby-libs-2.6.9-108.module_el8.5.0+2623+08a8ba32.i686.rpm	f2c23cd845198d2fc55a82e9a44fc68556faead45aa39b1aa68fcf94882fb88e
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm	085e4c052f70e2dd1f91aa3776bdd0e33ded15a62b2a29308b537683a52e1d4e
noarch	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm	170bbe9133041c6959d3996e7531a30d32100cb72360a22689121f13394eb5e3
noarch	rubygem-did_you_mean-1.3.0-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	21bc2fb742a15fe5ff9513ee8661e5268553c97b4e52468c5a1df20e0375af1a
noarch	rubygems-3.0.3.1-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	314aa2f44e0db4f34255f205ffa6fdd094a49275c56537cea8f8a6d299c744c9
noarch	rubygem-test-unit-3.2.9-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	374e96c4cb8c10def34489f895053d3105cd760f3a6f5a200556525c52cba9a5
noarch	rubygem-net-telnet-0.2.0-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	410ba12384a0964cea8c53b4b01102ce7e9b101b351a6b46d690ab96feb9045f
noarch	rubygem-mongo-2.8.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	433dd9fda76a345b4eb486de474ffca16e0037f799004008bad4fa1b7dfc332c
noarch	rubygem-rake-12.3.3-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	47b1afe56140910953da10b7ac8d02893e923fa4df0a7ec0a03976e196927205
noarch	rubygem-irb-1.0.0-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	51154d2768a339810bdecf22f0164f65538e68abd3f56d6c11d08ead439775bf
noarch	rubygem-bundler-1.17.2-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	55c8c421953ae5258b8539552658bc2768a4ff3f6d3bed833e940588fb7e1b29
noarch	rubygems-devel-3.0.3.1-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	5b133577febb354227ddd8481e670e5746f3fb8d1b87a064a2a3194938490e96
noarch	rubygem-net-telnet-0.2.0-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	61a763f3f46105859872b3921d7eb74d12b87f2c77fc6b803246290e079cd165
noarch	rubygem-rdoc-6.1.2.1-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	697f9c7b6f3e8caf536152ccbb2122a3a31c50d6c16834548cc6b38834ffc547
noarch	rubygem-bundler-1.17.2-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	7803fd8fb201b67fa0769a256778a693ba7ab00bce049f21f2ee85c1d2b88973
noarch	rubygem-mysql2-doc-0.5.2-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	78657f218d48e43b2a5f2d6499aa1d50279e8ff5b36baa240bfc4c24f3c2f797
noarch	ruby-doc-2.6.9-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	794b847cb70e7bd7d741787d97e539582fc36e79af8030144bd5ec1963701086
noarch	rubygem-bson-doc-4.5.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	81d2584ca8ad210b9c4e56437140a1bace0c36bef86fe2651b619fbde469ebd8
noarch	rubygem-xmlrpc-0.3.0-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	824e1e5b375ee3904097d8deaabcba815da2346a7cf6afd1683329ca8f2396bf
noarch	rubygems-devel-3.0.3.1-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	95078a4f2633f2e24d06557c6dbc8e5e7e6dbab858acd473113136e942c14abd
noarch	rubygem-irb-1.0.0-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	990ef51bd9b4f2bc563e897ddd08026193d1fdfefd63b12048784c5377bd6733
noarch	rubygem-mongo-2.8.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	9d49b3317759fd5df4e32b1b80406ed2514ba74c05d43095d3959732219c3b4a
noarch	rubygem-mongo-doc-2.8.0-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	a2e36c09895830c67445dcc3c7688b2dd856e598e1975948f8a93a940f1bd729
noarch	rubygems-3.0.3.1-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	a4d27e9aab24ab9750ab62f351a1f0935caa2f9165482121ddadfb1dcf3c35de
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+259+8cec6917.noarch.rpm	a8892a14c019a57d227b1f8d1784c123a59c9cea936069869f1a9e714640a68d
noarch	rubygem-test-unit-3.2.9-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	b0f0bb102c303d5abdd32f422c513727c283ca433e3e6294286787443ee680b8
noarch	rubygem-pg-doc-1.1.4-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	bda3a25e4281b2ce99d2ecc0e8ad3db88ad3e6a52d6e63747cf24fc6704873d9
noarch	rubygem-did_you_mean-1.3.0-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	bfda729498f07d8da513f348dfa42604cdff13344390c9cdcb4b403dd53d8fd9
noarch	rubygem-power_assert-1.1.3-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	c0f62ca5e6a3c07f2a379ba9e751cd68cc396cb062675ab390a534bfde0f663c
noarch	rubygem-xmlrpc-0.3.0-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	caec7adcfa46d76519cafc6a5b6b0815a038af3a899c68c66f09600e1dcb78b4
noarch	rubygem-mysql2-doc-0.5.2-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	ccceba910635f667b0f6eb1de6693ae636aa3c2e1c8f70f0ba2302d3a04042a7
noarch	rubygem-pg-doc-1.1.4-1.module_el8.5.0+250+ba22dbf7.noarch.rpm	d0b07adad2015780bc46a5015b3a26d4cd94f98c023fa932a80aca34c663da56
noarch	rubygem-rake-12.3.3-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	df8ae74c219d5e67c3206ed81aa5fbc8393c607a7df3a566bd1138d8ab97d485
noarch	rubygem-abrt-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm	e2f75dad83962fbcf5fed5d19cec8da6e0526039475f81f395e239aad0aea460
noarch	rubygem-minitest-5.11.3-108.module_el8.5.0+250+ba22dbf7.noarch.rpm	e87920bf78ff942d1cee1f948625085b7464a6f690b89de894a20b926f0ac1b7
noarch	rubygem-rdoc-6.1.2.1-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	f22a10929589fef4d017e33ffbb80ff372e38957293d5aa6e2a17056408a916e
noarch	rubygem-minitest-5.11.3-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	f29d2046f66d9bfeadee6fcd373fe5049b3c22b6e614eab8855c0fcc745ea555
noarch	ruby-doc-2.6.9-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	f2b47c33e2b524a498048699cf9257cb9e857b11f0dbffb76a66a714f132566e
noarch	rubygem-power_assert-1.1.3-108.module_el8.5.0+2623+08a8ba32.noarch.rpm	fb9631c3e89fbdfbb36fdd971a5a5b68b723f917bb83f84e24a88037a3593901
noarch	rubygem-bson-doc-4.5.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	fc2d9da1582f72acf5422d14d9650399c79a1f78407ff343046e683bbfb6ff82
noarch	rubygem-mongo-doc-2.8.0-1.module_el8.5.0+2623+08a8ba32.noarch.rpm	fd4ce6a2358fea0d79d483e22d32541ce1c8c3cd0f8d7118ea07b44d21680cbf
ppc64le	rubygem-openssl-2.1.2-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	2937892ef967557cefc0940ecee2158a7a6eae0ea68fd8b4e52a0200934a318b
ppc64le	ruby-2.6.9-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	43ed53e2d21cadf7868acd452a27d3b352663c731c8d929d5c544b8960aae8ce
ppc64le	rubygem-mysql2-0.5.2-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	55d3adecab07d905c426b31beb3c655e73d532edffb5346d7f0f5625d27a34f1
ppc64le	rubygem-pg-1.1.4-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	6841f462b2f531d5ba69e4dcef020bb0f677ee8ec5ef27b0d1f723af9dcf3375
ppc64le	rubygem-json-2.1.0-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	802aa8507d4ce9df362636254dcf5547da17646f2d0d24f97384b4de171717f8
ppc64le	rubygem-psych-3.1.0-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	9a2709325ebfc3430875dfa06d04c4b98e2d4befa45b615a3c3cd86ae94cf912
ppc64le	ruby-devel-2.6.9-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	a7c127907c8c274b4c9d385b9fcab5ac7213b16efd3827adefa804553aaa34b4
ppc64le	rubygem-bson-4.5.0-1.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	ad193c7ff1e4ad625e8f351bfcf6f7310b71893ee7ae449a7a6a4546c388cdff
ppc64le	ruby-libs-2.6.9-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	c56b8df0e6b030c3a82ce3d1a83f73bbb720a38b1cc7f509845c11e529cdc368
ppc64le	rubygem-io-console-0.4.7-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	d608719a5bf6edf6014f9f6b683ee79979f1df258fc83ce754c1dbce5f5db47a
ppc64le	rubygem-bigdecimal-1.4.1-108.module_el8.5.0+250+ba22dbf7.ppc64le.rpm	f0958435ed80778446654ad5878d48351e65e1a393bb09d48dd84f484b733626
x86_64	rubygem-bson-4.5.0-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm	03d843fb30170ab3dd177f6cbe3f53db3fd30c50b0db7cb69a5696727c509543
x86_64	ruby-devel-2.6.9-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	258d2ec50f382df3c4bf14f9f3fea179c5ababd62c232b1222331fc07bd79be6
x86_64	rubygem-psych-3.1.0-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	2c75958c82c6b9d6bbf83dd4ae9b8c62849800e39b7e4003fa3c99d165d3793c
x86_64	rubygem-bigdecimal-1.4.1-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	693d7f1a75eb535f6053392c16fb991ee3c8eb9e2083545012d92afb57b183e8
x86_64	rubygem-pg-1.1.4-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm	6dc2da0917275a91c99240b6ffb7fbfa93071e4a68e9ded476ed4a3ae4ca1274
x86_64	rubygem-mysql2-0.5.2-1.module_el8.5.0+2623+08a8ba32.x86_64.rpm	706abca8ccfb91d12ed7b8cb17e86f66ca5a0f8ac0e06c28ea8448ad80c8f442
x86_64	rubygem-json-2.1.0-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	9c5084e88396a94b7b000a3bbcc7cbcbe6299ca2b9a8dcae80a68f524fb22488
x86_64	rubygem-io-console-0.4.7-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	b5fc706b62b30eef3aaac1d27d19cd3cb65f304a8c243b44aa8011d30475fb60
x86_64	rubygem-openssl-2.1.2-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	c118f3807c31e5afc3149b35a3e04ef535e083ed5b3d8f19d39fc0e696af55f4
x86_64	ruby-2.6.9-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	c2e7f36bb1376d7141259604c04ac655a3331436b9862bae488ec2bb62094f2b
x86_64	ruby-libs-2.6.9-108.module_el8.5.0+2623+08a8ba32.x86_64.rpm	edef358c13bf48d68391f920e6744664f3057d87170b42956f646d554703caf5

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.