
Medium: ruby24

Description

**Issue Overview:**

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)

**Affected Packages:**

ruby24

**Issue Correction:**

Run _yum update ruby24_ to update your system.

**New Packages:**

i686:
    rubygem24-net-telnet-0.1.1-2.13.amzn1.i686
    ruby24-devel-2.4.10-2.13.amzn1.i686
    rubygem24-psych-2.2.2-2.13.amzn1.i686
    ruby24-debuginfo-2.4.10-2.13.amzn1.i686
    ruby24-libs-2.4.10-2.13.amzn1.i686
    rubygem24-xmlrpc-0.2.1-2.13.amzn1.i686
    ruby24-2.4.10-2.13.amzn1.i686
    rubygem24-json-2.0.4-2.13.amzn1.i686
    rubygem24-bigdecimal-1.3.2-2.13.amzn1.i686
    rubygem24-io-console-0.4.6-2.13.amzn1.i686

noarch:
    ruby24-doc-2.4.10-2.13.amzn1.noarch
    rubygems24-2.6.14.4-2.13.amzn1.noarch
    rubygem24-rdoc-5.0.1-2.13.amzn1.noarch
    rubygem24-power_assert-0.4.1-2.13.amzn1.noarch
    rubygem24-minitest5-5.10.1-2.13.amzn1.noarch
    rubygems24-devel-2.6.14.4-2.13.amzn1.noarch
    ruby24-irb-2.4.10-2.13.amzn1.noarch
    rubygem24-did_you_mean-1.1.0-2.13.amzn1.noarch
    rubygem24-test-unit-3.2.3-2.13.amzn1.noarch

src:
    ruby24-2.4.10-2.13.amzn1.src

x86_64:
    ruby24-devel-2.4.10-2.13.amzn1.x86_64
    rubygem24-json-2.0.4-2.13.amzn1.x86_64
    rubygem24-io-console-0.4.6-2.13.amzn1.x86_64
    rubygem24-xmlrpc-0.2.1-2.13.amzn1.x86_64
    rubygem24-bigdecimal-1.3.2-2.13.amzn1.x86_64
    ruby24-debuginfo-2.4.10-2.13.amzn1.x86_64
    rubygem24-net-telnet-0.1.1-2.13.amzn1.x86_64
    rubygem24-psych-2.2.2-2.13.amzn1.x86_64
    ruby24-libs-2.4.10-2.13.amzn1.x86_64
    ruby24-2.4.10-2.13.amzn1.x86_64


Affected Package


| OS | OS Version | Package Name | Package Version |
| --- | --- | --- | --- |
| Amazon Linux | 1 | rubygem24-net-telnet | 0.1.1-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-devel | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-psych | 2.2.2-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-debuginfo | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-libs | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-xmlrpc | 0.2.1-2.13.amzn1 |
| Amazon Linux | 1 | ruby24 | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-json | 2.0.4-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-bigdecimal | 1.3.2-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-io-console | 0.4.6-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-doc | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygems24 | 2.6.14.4-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-rdoc | 5.0.1-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-power_assert | 0.4.1-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-minitest5 | 5.10.1-2.13.amzn1 |
| Amazon Linux | 1 | rubygems24-devel | 2.6.14.4-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-irb | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-did_you_mean | 1.1.0-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-test-unit | 3.2.3-2.13.amzn1 |
| Amazon Linux | 1 | ruby24 | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-devel | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-json | 2.0.4-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-io-console | 0.4.6-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-xmlrpc | 0.2.1-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-bigdecimal | 1.3.2-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-debuginfo | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-net-telnet | 0.1.1-2.13.amzn1 |
| Amazon Linux | 1 | rubygem24-psych | 2.2.2-2.13.amzn1 |
| Amazon Linux | 1 | ruby24-libs | 2.4.10-2.13.amzn1 |
| Amazon Linux | 1 | ruby24 | 2.4.10-2.13.amzn1 |
