Описание
Moderate: ruby:2.5 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626)
Security Fix(es):
-
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
-
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
-
ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)
-
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
-
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
-
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
-
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
-
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 1773728
- Red Hat - 1789407
- Red Hat - 1789556
- Red Hat - 1793683
- Red Hat - 1827500
- Red Hat - 1833291
- Red Hat - 1883623
- Red Hat - 1947526
- Red Hat - 1952626
- Red Hat - 1955010
