What is the severity of RHSA-2018:0584?

The severity of RHSA-2018:0584 is classified as important due to the potential impact on affected systems.

How do I fix RHSA-2018:0584?

To fix RHSA-2018:0584, upgrade the affected Ruby packages to version 2.4.3-90.el7 or later.

Which software versions are affected by RHSA-2018:0584?

RHSA-2018:0584 affects various packages within the rh-ruby24-ruby suite on both el6 and el7 systems.

Is RHSA-2018:0584 specific to a certain architecture?

Yes, RHSA-2018:0584 affects both x86_64 and noarch architectures depending on the specific package.

What should I do if I cannot upgrade my system for RHSA-2018:0584?

If upgrading is not possible for RHSA-2018:0584, consider implementing additional security measures to mitigate the risk.

Vulnerability/
RHSA-2018:0584

CWE

26/3/2018

RHSA-2018:0584: Important: rh-ruby24-ruby security, bug fix, and enhancement update

First published: Mon Mar 26 2018(Updated: )

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.<br>The following packages have been upgraded to a later upstream version: rh-ruby24-ruby (2.4.3). (BZ#1549651)<br>Security Fix(es):<br><li> ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)</li> <li> ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/rh-ruby24-ruby	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-ruby	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-ruby-debuginfo	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-ruby-devel	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-ruby-doc	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-ruby-irb	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-ruby-libs	<2.4.3-90.el7	2.4.3-90.el7
redhat/rh-ruby24-rubygem-bigdecimal	<1.3.0-90.el7	1.3.0-90.el7
redhat/rh-ruby24-rubygem-io-console	<0.4.6-90.el7	0.4.6-90.el7
redhat/rh-ruby24-rubygem-json	<2.0.4-90.el7	2.0.4-90.el7
redhat/rh-ruby24-rubygem-minitest	<5.10.1-90.el7	5.10.1-90.el7
redhat/rh-ruby24-rubygem-net-telnet	<0.1.1-90.el7	0.1.1-90.el7
redhat/rh-ruby24-rubygem-openssl	<2.0.5-90.el7	2.0.5-90.el7
redhat/rh-ruby24-rubygem-psych	<2.2.2-90.el7	2.2.2-90.el7
redhat/rh-ruby24-rubygem-rake	<12.0.0-90.el7	12.0.0-90.el7
redhat/rh-ruby24-rubygem-rdoc	<5.0.0-90.el7	5.0.0-90.el7
redhat/rh-ruby24-rubygem-test-unit	<3.2.3-90.el7	3.2.3-90.el7
redhat/rh-ruby24-rubygem-xmlrpc	<0.2.1-90.el7	0.2.1-90.el7
redhat/rh-ruby24-rubygems	<2.6.14-90.el7	2.6.14-90.el7
redhat/rh-ruby24-rubygems-devel	<2.6.14-90.el7	2.6.14-90.el7
redhat/rh-ruby24-ruby	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-ruby	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-ruby-debuginfo	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-ruby-devel	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-ruby-doc	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-ruby-irb	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-ruby-libs	<2.4.3-90.el6	2.4.3-90.el6
redhat/rh-ruby24-rubygem-bigdecimal	<1.3.0-90.el6	1.3.0-90.el6
redhat/rh-ruby24-rubygem-io-console	<0.4.6-90.el6	0.4.6-90.el6
redhat/rh-ruby24-rubygem-json	<2.0.4-90.el6	2.0.4-90.el6
redhat/rh-ruby24-rubygem-minitest	<5.10.1-90.el6	5.10.1-90.el6
redhat/rh-ruby24-rubygem-net-telnet	<0.1.1-90.el6	0.1.1-90.el6
redhat/rh-ruby24-rubygem-openssl	<2.0.5-90.el6	2.0.5-90.el6
redhat/rh-ruby24-rubygem-psych	<2.2.2-90.el6	2.2.2-90.el6
redhat/rh-ruby24-rubygem-rake	<12.0.0-90.el6	12.0.0-90.el6
redhat/rh-ruby24-rubygem-rdoc	<5.0.0-90.el6	5.0.0-90.el6
redhat/rh-ruby24-rubygem-test-unit	<3.2.3-90.el6	3.2.3-90.el6
redhat/rh-ruby24-rubygem-xmlrpc	<0.2.1-90.el6	0.2.1-90.el6
redhat/rh-ruby24-rubygems	<2.6.14-90.el6	2.6.14-90.el6
redhat/rh-ruby24-rubygems-devel	<2.6.14-90.el6	2.6.14-90.el6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2018:0584?
The severity of RHSA-2018:0584 is classified as important due to the potential impact on affected systems.
How do I fix RHSA-2018:0584?
To fix RHSA-2018:0584, upgrade the affected Ruby packages to version 2.4.3-90.el7 or later.
Which software versions are affected by RHSA-2018:0584?
RHSA-2018:0584 affects various packages within the rh-ruby24-ruby suite on both el6 and el7 systems.
Is RHSA-2018:0584 specific to a certain architecture?
Yes, RHSA-2018:0584 affects both x86_64 and noarch architectures depending on the specific package.
What should I do if I cannot upgrade my system for RHSA-2018:0584?
If upgrading is not possible for RHSA-2018:0584, consider implementing additional security measures to mitigate the risk.

agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2018:0584
agent/software-canonical-lookup
agent/remedy
agent/title
agent/references
agent/weakness
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat