ELSA-2019-2028 -- Oracle ruby
ID: oval:org.secpod.oval:def:1504304 | Date: (C)2021-01-10 (M)2024-01-29 | Class: PATCH | Family: unix
[2.0.0.648-36]
- Introduce "Gem::UserInteraction#verbose" method as precondition to fix CVE-2019-8321.
  * rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
  Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
  Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
  Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
  Resolves: CVE-2019-8325
  * ruby-2.4.6-Applied-security-patches-for-RubyGems.patch