exploitDog


ELSA-2019-2028

Published: 13 Aug 2019
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2019-2028: ruby security update (MODERATE)

[2.0.0.648-36]

  • Introduce 'Gem::UserInteraction#verbose' method as precondition to fix CVE-2019-8321.
    • rubygems-2.3.0-refactor-checking-really_verbose.patch
  • Fix escape sequence injection vulnerability in verbose.
  • Fix escape sequence injection vulnerability in gem owner. Resolves: CVE-2019-8322
  • Fix escape sequence injection vulnerability in API response handling. Resolves: CVE-2019-8323
  • Prohibit arbitrary code execution when installing a malicious gem. Resolves: CVE-2019-8324
  • Fix escape sequence injection vulnerability in errors. Resolves: CVE-2019-8325
    • ruby-2.4.6-Applied-security-patches-for-RubyGems.patch

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  Package              Version
  ruby                 2.0.0.648-36.el7
  ruby-devel           2.0.0.648-36.el7
  ruby-doc             2.0.0.648-36.el7
  ruby-irb             2.0.0.648-36.el7
  ruby-libs            2.0.0.648-36.el7
  ruby-tcltk           2.0.0.648-36.el7
  rubygem-bigdecimal   1.2.0-36.el7
  rubygem-io-console   0.4.2-36.el7
  rubygem-json         1.7.7-36.el7
  rubygem-minitest     4.3.2-36.el7
  rubygem-psych        2.0.0-36.el7
  rubygem-rake         0.9.6-36.el7
  rubygem-rdoc         4.0.0-36.el7
  rubygems             2.0.14.1-36.el7
  rubygems-devel       2.0.14.1-36.el7

Oracle Linux x86_64

  Package              Version
  ruby                 2.0.0.648-36.el7
  ruby-devel           2.0.0.648-36.el7
  ruby-doc             2.0.0.648-36.el7
  ruby-irb             2.0.0.648-36.el7
  ruby-libs            2.0.0.648-36.el7
  ruby-tcltk           2.0.0.648-36.el7
  rubygem-bigdecimal   1.2.0-36.el7
  rubygem-io-console   0.4.2-36.el7
  rubygem-json         1.7.7-36.el7
  rubygem-minitest     4.3.2-36.el7
  rubygem-psych        2.0.0-36.el7
  rubygem-rake         0.9.6-36.el7
  rubygem-rdoc         4.0.0-36.el7
  rubygems             2.0.14.1-36.el7
  rubygems-devel       2.0.14.1-36.el7

Related vulnerabilities

suse-cvrf
more than 6 years ago

Security update for ruby-bundled-gems-rpmhelper, ruby2.5

suse-cvrf
more than 6 years ago

Security update for ruby-bundled-gems-rpmhelper, ruby2.5

suse-cvrf
more than 5 years ago

Security update for ruby2.1

CVSS3: 5.3
ubuntu
almost 8 years ago

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

CVSS3: 4.7
redhat
almost 8 years ago

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.