Description
ELSA-2021-2588: ruby:2.6 security, bug fix, and enhancement update (MODERATE)
ruby [2.6.7-107]
- Upgrade to Ruby 2.6.7. Resolves: rhbz#1952627
- Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing leading zero Resolves: rhbz#1954968
- Fix: Rubygem-bundler: Don't use insecure tmp directory as home allows for execution of malicious code. Resolves: rhbz#1954969
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module ruby:2.6 is enabled
ruby
2.6.7-107.module+el8.4.0+20235+1e5b8be3
ruby-devel
2.6.7-107.module+el8.4.0+20235+1e5b8be3
ruby-doc
2.6.7-107.module+el8.4.0+20235+1e5b8be3
ruby-libs
2.6.7-107.module+el8.4.0+20235+1e5b8be3
rubygem-abrt
0.3.0-4.module+el8.1.0+5406+ce01f9b9
rubygem-abrt-doc
0.3.0-4.module+el8.1.0+5406+ce01f9b9
rubygem-bigdecimal
1.4.1-107.module+el8.4.0+20235+1e5b8be3
rubygem-bson
4.5.0-1.module+el8.4.0+20235+1e5b8be3
rubygem-bson-doc
4.5.0-1.module+el8.4.0+20235+1e5b8be3
rubygem-bundler
1.17.2-107.module+el8.4.0+20235+1e5b8be3
rubygem-did_you_mean
1.3.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-io-console
0.4.7-107.module+el8.4.0+20235+1e5b8be3
rubygem-irb
1.0.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-json
2.1.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-minitest
5.11.3-107.module+el8.4.0+20235+1e5b8be3
rubygem-mongo
2.8.0-1.module+el8.1.0+5406+ce01f9b9
rubygem-mongo-doc
2.8.0-1.module+el8.1.0+5406+ce01f9b9
rubygem-mysql2
0.5.2-1.module+el8.4.0+20235+1e5b8be3
rubygem-mysql2-doc
0.5.2-1.module+el8.4.0+20235+1e5b8be3
rubygem-net-telnet
0.2.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-openssl
2.1.2-107.module+el8.4.0+20235+1e5b8be3
rubygem-pg
1.1.4-1.module+el8.4.0+20235+1e5b8be3
rubygem-pg-doc
1.1.4-1.module+el8.4.0+20235+1e5b8be3
rubygem-power_assert
1.1.3-107.module+el8.4.0+20235+1e5b8be3
rubygem-psych
3.1.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-rake
12.3.3-107.module+el8.4.0+20235+1e5b8be3
rubygem-rdoc
6.1.2-107.module+el8.4.0+20235+1e5b8be3
rubygem-test-unit
3.2.9-107.module+el8.4.0+20235+1e5b8be3
rubygem-xmlrpc
0.3.0-107.module+el8.4.0+20235+1e5b8be3
rubygems
3.0.3.1-107.module+el8.4.0+20235+1e5b8be3
rubygems-devel
3.0.3.1-107.module+el8.4.0+20235+1e5b8be3
Oracle Linux x86_64
Module ruby:2.6 is enabled
ruby
2.6.7-107.module+el8.4.0+20235+1e5b8be3
ruby-devel
2.6.7-107.module+el8.4.0+20235+1e5b8be3
ruby-doc
2.6.7-107.module+el8.4.0+20235+1e5b8be3
ruby-libs
2.6.7-107.module+el8.4.0+20235+1e5b8be3
rubygem-abrt
0.3.0-4.module+el8.1.0+5406+ce01f9b9
rubygem-abrt-doc
0.3.0-4.module+el8.1.0+5406+ce01f9b9
rubygem-bigdecimal
1.4.1-107.module+el8.4.0+20235+1e5b8be3
rubygem-bson
4.5.0-1.module+el8.4.0+20235+1e5b8be3
rubygem-bson-doc
4.5.0-1.module+el8.4.0+20235+1e5b8be3
rubygem-bundler
1.17.2-107.module+el8.4.0+20235+1e5b8be3
rubygem-did_you_mean
1.3.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-io-console
0.4.7-107.module+el8.4.0+20235+1e5b8be3
rubygem-irb
1.0.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-json
2.1.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-minitest
5.11.3-107.module+el8.4.0+20235+1e5b8be3
rubygem-mongo
2.8.0-1.module+el8.1.0+5406+ce01f9b9
rubygem-mongo-doc
2.8.0-1.module+el8.1.0+5406+ce01f9b9
rubygem-mysql2
0.5.2-1.module+el8.4.0+20235+1e5b8be3
rubygem-mysql2-doc
0.5.2-1.module+el8.4.0+20235+1e5b8be3
rubygem-net-telnet
0.2.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-openssl
2.1.2-107.module+el8.4.0+20235+1e5b8be3
rubygem-pg
1.1.4-1.module+el8.4.0+20235+1e5b8be3
rubygem-pg-doc
1.1.4-1.module+el8.4.0+20235+1e5b8be3
rubygem-power_assert
1.1.3-107.module+el8.4.0+20235+1e5b8be3
rubygem-psych
3.1.0-107.module+el8.4.0+20235+1e5b8be3
rubygem-rake
12.3.3-107.module+el8.4.0+20235+1e5b8be3
rubygem-rdoc
6.1.2-107.module+el8.4.0+20235+1e5b8be3
rubygem-test-unit
3.2.9-107.module+el8.4.0+20235+1e5b8be3
rubygem-xmlrpc
0.3.0-107.module+el8.4.0+20235+1e5b8be3
rubygems
3.0.3.1-107.module+el8.4.0+20235+1e5b8be3
rubygems-devel
3.0.3.1-107.module+el8.4.0+20235+1e5b8be3
References
Related vulnerabilities
ELSA-2021-2587: ruby:2.5 security, bug fix, and enhancement update (MODERATE)
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.