The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2587 advisory.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. (CVE-2021-28965)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2021:2587.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157806);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/09");
script_cve_id(
"CVE-2019-15845",
"CVE-2019-16201",
"CVE-2019-16254",
"CVE-2019-16255",
"CVE-2020-10663",
"CVE-2020-10933",
"CVE-2020-25613",
"CVE-2021-28965"
);
script_xref(name:"RLSA", value:"2021:2587");
script_name(english:"Rocky Linux 8 : ruby:2.5 (RLSA-2021:2587)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2021:2587 advisory.
- Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within
File.fnmatch functions. (CVE-2019-15845)
- WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a
regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server
that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)
- Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a
program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to
insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this
issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not
address an isolated CR or an isolated LF. (CVE-2019-16254)
- Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first
argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An
attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)
- The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through
2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not
rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead
to creation of a malicious object within the interpreter, with adverse effects that are application-
dependent. (CVE-2020-10663)
- An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls
BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit
the requested size, but no data is copied. Thus, the buffer string provides the previous value of the
heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)
- An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a
simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An
attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header
check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)
- The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not
properly address XML round-trip issues. An incorrect document can be produced after parsing and
serializing. (CVE-2021-28965)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2021:2587");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1773728");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1789407");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1789556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1793683");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1827500");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1833291");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1883623");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1947526");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1952626");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1955010");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16255");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/26");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:ruby-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-abrt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-abrt-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bigdecimal-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bson");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bson-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bson-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bson-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bundler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-bundler-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-did_you_mean");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-io-console-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-json-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-minitest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-mongo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-mongo-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-mysql2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-mysql2-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-net-telnet");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-pg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-pg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-pg-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-pg-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-power_assert");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-psych-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-rake");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-rdoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-test-unit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygem-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygems");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rubygems-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var module_ver = get_kb_item('Host/RockyLinux/appstream/ruby');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.5');
if ('2.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module ruby:' + module_ver);
var appstreams = {
'ruby:2.5': [
{'reference':'ruby-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-debuginfo-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-debuginfo-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-debuginfo-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-debugsource-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-debugsource-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-debugsource-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-doc-2.5.9-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-irb-2.5.9-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-debuginfo-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-debuginfo-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-debuginfo-2.5.9-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-abrt-0.3.0-4.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-abrt-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-abrt-0.3.0-4.module+el8.5.0+738+032c9c02', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.5.0+738+032c9c02', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-1.3.4-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-1.3.4-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-1.3.4-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-debuginfo-1.3.4-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-debuginfo-1.3.4-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-debuginfo-1.3.4-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-4.3.0-2.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-4.3.0-2.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-doc-4.3.0-2.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bundler-1.16.1-3.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bundler-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bundler-doc-1.16.1-3.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bundler-doc-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-did_you_mean-1.2.0-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.4.6-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.4.6-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.4.6-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-debuginfo-0.4.6-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-debuginfo-0.4.6-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-debuginfo-0.4.6-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-2.1.0-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-2.1.0-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-2.1.0-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-debuginfo-2.1.0-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-debuginfo-2.1.0-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-debuginfo-2.1.0-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-minitest-5.10.3-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mongo-2.5.1-2.module+el8.4.0+349+3470f258', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mongo-doc-2.5.1-2.module+el8.4.0+349+3470f258', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-0.4.10-4.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-0.4.10-4.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-0.4.10-4.module+el8.5.0+739+43897a5e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-0.4.10-4.module+el8.5.0+739+43897a5e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.5.0+739+43897a5e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.5.0+739+43897a5e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.5.0+739+43897a5e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.5.0+739+43897a5e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.5.0+739+43897a5e', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-net-telnet-0.1.1-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-openssl-debuginfo-2.1.2-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-openssl-debuginfo-2.1.2-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-openssl-debuginfo-2.1.2-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-1.0.0-2.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-1.0.0-2.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.3.0+167+5c390590', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.3.0+167+5c390590', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-doc-1.0.0-2.module+el8.3.0+167+5c390590', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-pg-doc-1.0.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-power_assert-1.1.1-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-3.0.2-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-3.0.2-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-3.0.2-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-debuginfo-3.0.2-107.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-debuginfo-3.0.2-107.module+el8.4.0+592+03ff458a', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-debuginfo-3.0.2-107.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rake-12.3.3-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rdoc-6.0.1.1-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-test-unit-3.2.7-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-xmlrpc-0.3.0-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-2.7.6.3-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-devel-2.7.6.3-107.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.5');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-debuginfo / ruby-debugsource / ruby-devel / ruby-doc / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
bugzilla.redhat.com/show_bug.cgi?id=1773728
bugzilla.redhat.com/show_bug.cgi?id=1789407
bugzilla.redhat.com/show_bug.cgi?id=1789556
bugzilla.redhat.com/show_bug.cgi?id=1793683
bugzilla.redhat.com/show_bug.cgi?id=1827500
bugzilla.redhat.com/show_bug.cgi?id=1833291
bugzilla.redhat.com/show_bug.cgi?id=1883623
bugzilla.redhat.com/show_bug.cgi?id=1947526
bugzilla.redhat.com/show_bug.cgi?id=1952626
bugzilla.redhat.com/show_bug.cgi?id=1955010
errata.rockylinux.org/RLSA-2021:2587