Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:6447

Опубликовано: 13 сент. 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.7.6). (BZ#2109424)

Security Fix(es):

  • ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)

  • ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

  • Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
rubyx86_64138.module+el8.6.0+1001+b5678180ruby-2.7.6-138.module+el8.6.0+1001+b5678180.x86_64.rpm
ruby-default-gemsnoarch138.module+el8.6.0+1001+b5678180ruby-default-gems-2.7.6-138.module+el8.6.0+1001+b5678180.noarch.rpm
ruby-develx86_64138.module+el8.6.0+1001+b5678180ruby-devel-2.7.6-138.module+el8.6.0+1001+b5678180.x86_64.rpm
ruby-docnoarch138.module+el8.6.0+1001+b5678180ruby-doc-2.7.6-138.module+el8.6.0+1001+b5678180.noarch.rpm
rubygem-abrtnoarch1.module+el8.5.0+668+665814farubygem-abrt-0.4.0-1.module+el8.5.0+668+665814fa.noarch.rpm
rubygem-abrt-docnoarch1.module+el8.5.0+668+665814farubygem-abrt-doc-0.4.0-1.module+el8.5.0+668+665814fa.noarch.rpm
rubygem-bigdecimalx86_64138.module+el8.6.0+1001+b5678180rubygem-bigdecimal-2.0.0-138.module+el8.6.0+1001+b5678180.x86_64.rpm
rubygem-bsonx86_641.module+el8.4.0+594+11b6673arubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a.x86_64.rpm
rubygem-bson-docnoarch1.module+el8.4.0+594+11b6673arubygem-bson-doc-4.8.1-1.module+el8.4.0+594+11b6673a.noarch.rpm
rubygem-bundlernoarch138.module+el8.6.0+1001+b5678180rubygem-bundler-2.2.24-138.module+el8.6.0+1001+b5678180.noarch.rpm

Показывать по

Связанные CVE

CVE-2021-41817
CVE-2021-41819
CVE-2022-28739

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2022-6447

oracle-oval
почти 3 года назад

ELSA-2022-6447: ruby:2.7 security, bug fix, and enhancement update (MODERATE)

rocky логотип

RLSA-2022:6450

rocky
почти 3 года назад

Moderate: ruby:3.0 security, bug fix, and enhancement update

oracle-oval логотип

ELSA-2022-6450

oracle-oval
почти 3 года назад

ELSA-2022-6450: ruby:3.0 security, bug fix, and enhancement update (MODERATE)

rocky логотип

RLSA-2022:5779

rocky
почти 3 года назад

Moderate: ruby:2.5 security update

oracle-oval логотип

ELSA-2022-5779

oracle-oval
почти 3 года назад

ELSA-2022-5779: ruby:2.5 security update (MODERATE)