RHSA-2018:0585-01 -- Red Hat rh-ruby23-ruby
ID: oval:org.secpod.oval:def:505102 | Date: (C) 2021-01-29 (M) 2024-01-29
Class: PATCH | Family: unix
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych.

Security Fix:
* ruby: Command injection vulnerability in Net::FTP
* ruby: Buffer underrun vulnerability in Kernel.sprintf
* rubygems: Arbitrary file overwrite due to incorrect validation of specification name
* rubygems: DNS hijacking vulnerability
* rubygems: Unsafe object deserialization through YAML formatted gem specifications
* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
* ruby: Buffer underrun in OpenSSL ASN1 decode
* rubygems: Escape sequence in the summary field of gemspec
* rubygems: No size limit in summary length of gem spec
* ruby: Arbitrary heap exposure during a JSON.generate call
* ruby: Command injection in lib/resolv.rb:lazy_initialize allows arbitrary code execution

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.
Platform:
* Red Hat Enterprise Linux 7
* Red Hat Enterprise Linux 6