Description
ELSA-2019-1235: ruby security update (IMPORTANT)
[2.0.0.648-35]
- Introduce method as precondition to fix CVE-2019-8321.
- rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
- Fix escape sequence injection vulnerability in API response handling.
- Prohibit arbitrary code execution when installing a malicious gem.
- Fix escape sequence injection vulnerability in errors.
- ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
Resolves: rhbz#1699283
[2.0.0.648-35]
- Refresh expired certificates.
Updated packages
Oracle Linux 7
Oracle Linux aarch64
ruby                 2.0.0.648-35.el7_6
ruby-devel           2.0.0.648-35.el7_6
ruby-doc             2.0.0.648-35.el7_6
ruby-irb             2.0.0.648-35.el7_6
ruby-libs            2.0.0.648-35.el7_6
ruby-tcltk           2.0.0.648-35.el7_6
rubygem-bigdecimal   1.2.0-35.el7_6
rubygem-io-console   0.4.2-35.el7_6
rubygem-json         1.7.7-35.el7_6
rubygem-minitest     4.3.2-35.el7_6
rubygem-psych        2.0.0-35.el7_6
rubygem-rake         0.9.6-35.el7_6
rubygem-rdoc         4.0.0-35.el7_6
rubygems             2.0.14.1-35.el7_6
rubygems-devel       2.0.14.1-35.el7_6
Oracle Linux x86_64
ruby                 2.0.0.648-35.el7_6
ruby-devel           2.0.0.648-35.el7_6
ruby-doc             2.0.0.648-35.el7_6
ruby-irb             2.0.0.648-35.el7_6
ruby-libs            2.0.0.648-35.el7_6
ruby-tcltk           2.0.0.648-35.el7_6
rubygem-bigdecimal   1.2.0-35.el7_6
rubygem-io-console   0.4.2-35.el7_6
rubygem-json         1.7.7-35.el7_6
rubygem-minitest     4.3.2-35.el7_6
rubygem-psych        2.0.0-35.el7_6
rubygem-rake         0.9.6-35.el7_6
rubygem-rdoc         4.0.0-35.el7_6
rubygems             2.0.14.1-35.el7_6
rubygems-devel       2.0.14.1-35.el7_6
Related CVEs
Related vulnerabilities
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.