Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2019:1972

Опубликовано: 30 июл. 2019
Источник: rocky
Оценка: Important

Описание

Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
rubygem-abrtnoarch4.module+el8.5.0+738+032c9c02rubygem-abrt-0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm
rubygem-abrt-docnoarch4.module+el8.5.0+738+032c9c02rubygem-abrt-doc-0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm
rubygem-bsonx86_642.module+el8.4.0+592+03ff458arubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm
rubygem-bson-docnoarch2.module+el8.4.0+592+03ff458arubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a.noarch.rpm
rubygem-mongonoarch2.module+el8.4.0+592+03ff458arubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a.noarch.rpm
rubygem-mongo-docnoarch2.module+el8.4.0+592+03ff458arubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a.noarch.rpm
rubygem-mysql2x86_644.module+el8.5.0+739+43897a5erubygem-mysql2-0.4.10-4.module+el8.5.0+739+43897a5e.x86_64.rpm
rubygem-mysql2-docnoarch4.module+el8.5.0+739+43897a5erubygem-mysql2-doc-0.4.10-4.module+el8.5.0+739+43897a5e.noarch.rpm
rubygem-pgx86_642.module+el8.4.0+592+03ff458arubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm
rubygem-pg-docnoarch2.module+el8.4.0+592+03ff458arubygem-pg-doc-1.0.0-2.module+el8.4.0+592+03ff458a.noarch.rpm

Показывать по

Связанные CVE

CVE-2019-8324

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2019-8324

CVSS3: 8.8
ubuntu
около 6 лет назад

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

redhat логотип

CVE-2019-8324

CVSS3: 7.2
redhat
больше 6 лет назад

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

nvd логотип

CVE-2019-8324

CVSS3: 8.8
nvd
около 6 лет назад

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

debian логотип

CVE-2019-8324

CVSS3: 8.8
debian
около 6 лет назад

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...

github логотип

GHSA-76wm-422q-92mq

CVSS3: 8.8
github
почти 6 лет назад

Code injection in RubyGems