First published: Mon May 13 2019(Updated: )
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.<br>The following packages have been upgraded to a later upstream version: rh-ruby25-ruby (2.5.5). (BZ#1700274)<br>Security Fix(es):<br><li> rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)</li> <li> rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320)</li> <li> rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)</li> <li> rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)</li> <li> rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)</li> <li> rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-ruby25-ruby | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-debuginfo | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-devel | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-doc | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-irb | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-libs | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-rubygem-bigdecimal | <1.3.4-7.el7 | 1.3.4-7.el7 |
redhat/rh-ruby25-rubygem-io-console | <0.4.6-7.el7 | 0.4.6-7.el7 |
redhat/rh-ruby25-rubygem-json | <2.1.0-7.el7 | 2.1.0-7.el7 |
redhat/rh-ruby25-rubygem-minitest | <5.10.3-7.el7 | 5.10.3-7.el7 |
redhat/rh-ruby25-rubygem-net-telnet | <0.1.1-7.el7 | 0.1.1-7.el7 |
redhat/rh-ruby25-rubygem-openssl | <2.1.2-7.el7 | 2.1.2-7.el7 |
redhat/rh-ruby25-rubygem-psych | <3.0.2-7.el7 | 3.0.2-7.el7 |
redhat/rh-ruby25-rubygem-rake | <12.3.0-7.el7 | 12.3.0-7.el7 |
redhat/rh-ruby25-rubygem-rdoc | <6.0.1-7.el7 | 6.0.1-7.el7 |
redhat/rh-ruby25-rubygem-test-unit | <3.2.7-7.el7 | 3.2.7-7.el7 |
redhat/rh-ruby25-rubygem-xmlrpc | <0.3.0-7.el7 | 0.3.0-7.el7 |
redhat/rh-ruby25-rubygems | <2.7.6.2-7.el7 | 2.7.6.2-7.el7 |
redhat/rh-ruby25-rubygems-devel | <2.7.6.2-7.el7 | 2.7.6.2-7.el7 |
redhat/rh-ruby25-ruby-debuginfo | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-devel | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-libs | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-rubygem-bigdecimal | <1.3.4-7.el7 | 1.3.4-7.el7 |
redhat/rh-ruby25-rubygem-io-console | <0.4.6-7.el7 | 0.4.6-7.el7 |
redhat/rh-ruby25-rubygem-json | <2.1.0-7.el7 | 2.1.0-7.el7 |
redhat/rh-ruby25-rubygem-openssl | <2.1.2-7.el7 | 2.1.2-7.el7 |
redhat/rh-ruby25-rubygem-psych | <3.0.2-7.el7 | 3.0.2-7.el7 |
redhat/rh-ruby25-ruby | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-debuginfo | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-devel | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-ruby-libs | <2.5.5-7.el7 | 2.5.5-7.el7 |
redhat/rh-ruby25-rubygem-bigdecimal | <1.3.4-7.el7 | 1.3.4-7.el7 |
redhat/rh-ruby25-rubygem-io-console | <0.4.6-7.el7 | 0.4.6-7.el7 |
redhat/rh-ruby25-rubygem-json | <2.1.0-7.el7 | 2.1.0-7.el7 |
redhat/rh-ruby25-rubygem-openssl | <2.1.2-7.el7 | 2.1.2-7.el7 |
redhat/rh-ruby25-rubygem-psych | <3.0.2-7.el7 | 3.0.2-7.el7 |
redhat/rh-ruby25-ruby | <2.5.5-7.el7.aa | 2.5.5-7.el7.aa |
redhat/rh-ruby25-ruby-debuginfo | <2.5.5-7.el7.aa | 2.5.5-7.el7.aa |
redhat/rh-ruby25-ruby-devel | <2.5.5-7.el7.aa | 2.5.5-7.el7.aa |
redhat/rh-ruby25-ruby-libs | <2.5.5-7.el7.aa | 2.5.5-7.el7.aa |
redhat/rh-ruby25-rubygem-bigdecimal | <1.3.4-7.el7.aa | 1.3.4-7.el7.aa |
redhat/rh-ruby25-rubygem-io-console | <0.4.6-7.el7.aa | 0.4.6-7.el7.aa |
redhat/rh-ruby25-rubygem-json | <2.1.0-7.el7.aa | 2.1.0-7.el7.aa |
redhat/rh-ruby25-rubygem-openssl | <2.1.2-7.el7.aa | 2.1.2-7.el7.aa |
redhat/rh-ruby25-rubygem-psych | <3.0.2-7.el7.aa | 3.0.2-7.el7.aa |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.