ELSA-2019-1972

Published: 05 Aug 2019
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2019-1972: ruby:2.5 security update (IMPORTANT)

ruby [2.5.3-104]

  • Prohibit arbitrary code execution when installing a malicious gem. Resolves: CVE-2019-8324

rubygem-mongo [2.5.1-2]

  • Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz#1710863

rubygem-pg [1.0.0-2]

  • Assign a random testing port.

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module ruby:2.5 is enabled

ruby                  2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-devel            2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-doc              2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-irb              2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-libs             2.5.3-104.module+el8.0.0+5238+4f9ac61b
rubygem-abrt          0.3.0-4.module+el8.0.0+5238+4f9ac61b
rubygem-abrt-doc      0.3.0-4.module+el8.0.0+5238+4f9ac61b
rubygem-bigdecimal    1.3.4-104.module+el8.0.0+5238+4f9ac61b
rubygem-bson          4.3.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-bson-doc      4.3.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-bundler       1.16.1-3.module+el8.0.0+5238+4f9ac61b
rubygem-bundler-doc   1.16.1-3.module+el8.0.0+5238+4f9ac61b
rubygem-did_you_mean  1.2.0-104.module+el8.0.0+5238+4f9ac61b
rubygem-io-console    0.4.6-104.module+el8.0.0+5238+4f9ac61b
rubygem-json          2.1.0-104.module+el8.0.0+5238+4f9ac61b
rubygem-minitest      5.10.3-104.module+el8.0.0+5238+4f9ac61b
rubygem-mongo         2.5.1-2.module+el8.0.0+5238+4f9ac61b
rubygem-mongo-doc     2.5.1-2.module+el8.0.0+5238+4f9ac61b
rubygem-mysql2        0.4.10-4.module+el8.0.0+5238+4f9ac61b
rubygem-mysql2-doc    0.4.10-4.module+el8.0.0+5238+4f9ac61b
rubygem-net-telnet    0.1.1-104.module+el8.0.0+5238+4f9ac61b
rubygem-openssl       2.1.2-104.module+el8.0.0+5238+4f9ac61b
rubygem-pg            1.0.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-pg-doc        1.0.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-power_assert  1.1.1-104.module+el8.0.0+5238+4f9ac61b
rubygem-psych         3.0.2-104.module+el8.0.0+5238+4f9ac61b
rubygem-rake          12.3.0-104.module+el8.0.0+5238+4f9ac61b
rubygem-rdoc          6.0.1-104.module+el8.0.0+5238+4f9ac61b
rubygem-test-unit     3.2.7-104.module+el8.0.0+5238+4f9ac61b
rubygem-xmlrpc        0.3.0-104.module+el8.0.0+5238+4f9ac61b
rubygems              2.7.6-104.module+el8.0.0+5238+4f9ac61b
rubygems-devel        2.7.6-104.module+el8.0.0+5238+4f9ac61b

Oracle Linux x86_64

Module ruby:2.5 is enabled

ruby                  2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-devel            2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-doc              2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-irb              2.5.3-104.module+el8.0.0+5238+4f9ac61b
ruby-libs             2.5.3-104.module+el8.0.0+5238+4f9ac61b
rubygem-abrt          0.3.0-4.module+el8.0.0+5238+4f9ac61b
rubygem-abrt-doc      0.3.0-4.module+el8.0.0+5238+4f9ac61b
rubygem-bigdecimal    1.3.4-104.module+el8.0.0+5238+4f9ac61b
rubygem-bson          4.3.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-bson-doc      4.3.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-bundler       1.16.1-3.module+el8.0.0+5238+4f9ac61b
rubygem-bundler-doc   1.16.1-3.module+el8.0.0+5238+4f9ac61b
rubygem-did_you_mean  1.2.0-104.module+el8.0.0+5238+4f9ac61b
rubygem-io-console    0.4.6-104.module+el8.0.0+5238+4f9ac61b
rubygem-json          2.1.0-104.module+el8.0.0+5238+4f9ac61b
rubygem-minitest      5.10.3-104.module+el8.0.0+5238+4f9ac61b
rubygem-mongo         2.5.1-2.module+el8.0.0+5238+4f9ac61b
rubygem-mongo-doc     2.5.1-2.module+el8.0.0+5238+4f9ac61b
rubygem-mysql2        0.4.10-4.module+el8.0.0+5238+4f9ac61b
rubygem-mysql2-doc    0.4.10-4.module+el8.0.0+5238+4f9ac61b
rubygem-net-telnet    0.1.1-104.module+el8.0.0+5238+4f9ac61b
rubygem-openssl       2.1.2-104.module+el8.0.0+5238+4f9ac61b
rubygem-pg            1.0.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-pg-doc        1.0.0-2.module+el8.0.0+5238+4f9ac61b
rubygem-power_assert  1.1.1-104.module+el8.0.0+5238+4f9ac61b
rubygem-psych         3.0.2-104.module+el8.0.0+5238+4f9ac61b
rubygem-rake          12.3.0-104.module+el8.0.0+5238+4f9ac61b
rubygem-rdoc          6.0.1-104.module+el8.0.0+5238+4f9ac61b
rubygem-test-unit     3.2.7-104.module+el8.0.0+5238+4f9ac61b
rubygem-xmlrpc        0.3.0-104.module+el8.0.0+5238+4f9ac61b
rubygems              2.7.6-104.module+el8.0.0+5238+4f9ac61b
rubygems-devel        2.7.6-104.module+el8.0.0+5238+4f9ac61b

Related CVEs

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

CVSS3: 7.2
redhat
more than 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

CVSS3: 8.8
nvd
about 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

CVSS3: 8.8
debian
about 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...

rocky
almost 6 years ago

Important: ruby:2.5 security update