- Vulnerability/
- RHSA-2019:1150
RHSA-2019:1150: Important: rh-ruby24-ruby security, bug fix, and enhancement update
First published: Mon May 13 2019(Updated: )
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.<br>The following packages have been upgraded to a later upstream version: rh-ruby24-ruby (2.4.6). (BZ#1700275)<br>Security Fix(es):<br><li> rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)</li> <li> rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320)</li> <li> rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)</li> <li> rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)</li> <li> rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)</li> <li> rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-ruby24-ruby | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-ruby | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-ruby-debuginfo | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-ruby-devel | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-ruby-doc | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-ruby-irb | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-ruby-libs | <2.4.6-92.el7 | 2.4.6-92.el7 |
| redhat/rh-ruby24-rubygem-bigdecimal | <1.3.2-92.el7 | 1.3.2-92.el7 |
| redhat/rh-ruby24-rubygem-io-console | <0.4.6-92.el7 | 0.4.6-92.el7 |
| redhat/rh-ruby24-rubygem-json | <2.0.4-92.el7 | 2.0.4-92.el7 |
| redhat/rh-ruby24-rubygem-minitest | <5.10.1-92.el7 | 5.10.1-92.el7 |
| redhat/rh-ruby24-rubygem-net-telnet | <0.1.1-92.el7 | 0.1.1-92.el7 |
| redhat/rh-ruby24-rubygem-openssl | <2.0.9-92.el7 | 2.0.9-92.el7 |
| redhat/rh-ruby24-rubygem-psych | <2.2.2-92.el7 | 2.2.2-92.el7 |
| redhat/rh-ruby24-rubygem-rake | <12.0.0-92.el7 | 12.0.0-92.el7 |
| redhat/rh-ruby24-rubygem-rdoc | <5.0.0-92.el7 | 5.0.0-92.el7 |
| redhat/rh-ruby24-rubygem-test-unit | <3.2.3-92.el7 | 3.2.3-92.el7 |
| redhat/rh-ruby24-rubygem-xmlrpc | <0.2.1-92.el7 | 0.2.1-92.el7 |
| redhat/rh-ruby24-rubygems | <2.6.14.4-92.el7 | 2.6.14.4-92.el7 |
| redhat/rh-ruby24-rubygems-devel | <2.6.14.4-92.el7 | 2.6.14.4-92.el7 |
| redhat/rh-ruby24-ruby | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-ruby | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-ruby-debuginfo | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-ruby-devel | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-ruby-doc | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-ruby-irb | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-ruby-libs | <2.4.6-92.el6 | 2.4.6-92.el6 |
| redhat/rh-ruby24-rubygem-bigdecimal | <1.3.2-92.el6 | 1.3.2-92.el6 |
| redhat/rh-ruby24-rubygem-io-console | <0.4.6-92.el6 | 0.4.6-92.el6 |
| redhat/rh-ruby24-rubygem-json | <2.0.4-92.el6 | 2.0.4-92.el6 |
| redhat/rh-ruby24-rubygem-minitest | <5.10.1-92.el6 | 5.10.1-92.el6 |
| redhat/rh-ruby24-rubygem-net-telnet | <0.1.1-92.el6 | 0.1.1-92.el6 |
| redhat/rh-ruby24-rubygem-openssl | <2.0.9-92.el6 | 2.0.9-92.el6 |
| redhat/rh-ruby24-rubygem-psych | <2.2.2-92.el6 | 2.2.2-92.el6 |
| redhat/rh-ruby24-rubygem-rake | <12.0.0-92.el6 | 12.0.0-92.el6 |
| redhat/rh-ruby24-rubygem-rdoc | <5.0.0-92.el6 | 5.0.0-92.el6 |
| redhat/rh-ruby24-rubygem-test-unit | <3.2.3-92.el6 | 3.2.3-92.el6 |
| redhat/rh-ruby24-rubygem-xmlrpc | <0.2.1-92.el6 | 0.2.1-92.el6 |
| redhat/rh-ruby24-rubygems | <2.6.14.4-92.el6 | 2.6.14.4-92.el6 |
| redhat/rh-ruby24-rubygems-devel | <2.6.14.4-92.el6 | 2.6.14.4-92.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1692512
- https://bugzilla.redhat.com/show_bug.cgi?id=1692514
- https://bugzilla.redhat.com/show_bug.cgi?id=1692516
- https://bugzilla.redhat.com/show_bug.cgi?id=1692519
- https://bugzilla.redhat.com/show_bug.cgi?id=1692520
- https://bugzilla.redhat.com/show_bug.cgi?id=1692522
- https://bugzilla.redhat.com/show_bug.cgi?id=1700275
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2019:1150 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2019:1150?
The severity of RHSA-2019:1150 is classified as moderate.
How do I fix RHSA-2019:1150?
To fix RHSA-2019:1150, you need to upgrade the affected packages to version 2.4.6-92.el7.
Which software is affected by RHSA-2019:1150?
RHSA-2019:1150 affects the rh-ruby24-ruby and related packages such as rh-ruby24-rubygem-json, rh-ruby24-rubygem-openssl, among others.
Is there any specific action required for RHSA-2019:1150?
Yes, users should ensure that they apply the recommended updates to the affected Ruby packages.
What is the fixed version for RHSA-2019:1150?
The fixed version for RHSA-2019:1150 is 2.4.6-92.el7 for the relevant packages.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2019:1150
- agent/software-canonical-lookup
- package-manager/redhat