Lucene search
OracleLinuxELSA-2019-1235HistoryMay 16, 2019 - 12:00 a.m.
ruby security update
2019-05-1600:00:00
linux.oracle.com
121
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
64.6%
[2.0.0.648-35]
- Introduce method as precondition to fix
CVE-2019-8321.- rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
- Fix escape sequence injection vulnerability in API response handling.
- Prohibit arbitrary code execution when installing a malicious gem.
- Fix escape sequence injection vulnerability in errors.
- ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
Resolves: rhbz#1699283
[2.0.0.648-35]
- ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
- Refresh expired certificates.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | ruby | <Â 2.0.0.648-35.el7_6 | ruby-2.0.0.648-35.el7_6.src.rpm |
| oracle linux | 7 | aarch64 | ruby | <Â 2.0.0.648-35.el7_6 | ruby-2.0.0.648-35.el7_6.aarch64.rpm |
| oracle linux | 7 | aarch64 | ruby-devel | <Â 2.0.0.648-35.el7_6 | ruby-devel-2.0.0.648-35.el7_6.aarch64.rpm |
| oracle linux | 7 | noarch | ruby-doc | <Â 2.0.0.648-35.el7_6 | ruby-doc-2.0.0.648-35.el7_6.noarch.rpm |
| oracle linux | 7 | noarch | ruby-irb | <Â 2.0.0.648-35.el7_6 | ruby-irb-2.0.0.648-35.el7_6.noarch.rpm |
| oracle linux | 7 | aarch64 | ruby-libs | <Â 2.0.0.648-35.el7_6 | ruby-libs-2.0.0.648-35.el7_6.aarch64.rpm |
| oracle linux | 7 | aarch64 | ruby-tcltk | <Â 2.0.0.648-35.el7_6 | ruby-tcltk-2.0.0.648-35.el7_6.aarch64.rpm |
| oracle linux | 7 | aarch64 | rubygem-bigdecimal | <Â 1.2.0-35.el7_6 | rubygem-bigdecimal-1.2.0-35.el7_6.aarch64.rpm |
| oracle linux | 7 | aarch64 | rubygem-io-console | <Â 0.4.2-35.el7_6 | rubygem-io-console-0.4.2-35.el7_6.aarch64.rpm |
| oracle linux | 7 | aarch64 | rubygem-json | <Â 1.7.7-35.el7_6 | rubygem-json-1.7.7-35.el7_6.aarch64.rpm |
Related
centos
centos
ruby, rubygem, rubygems security update
2019-05-21 21:25:00
redhat
redhat
(RHSA-2019:1235) Important: ruby security update
2019-05-15 17:11:12
nessus
nessus
Amazon Linux 2 : ruby (ALAS-2019-1249)
2019-07-24 00:00:00
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1597)
2019-05-29 00:00:00
Scientific Linux Security Update : ruby on SL7.x x86_64 (20190515)
2019-05-16 00:00:00
openvas
openvas
CentOS Update for ruby CESA-2019:1235 centos7
2019-05-22 00:00:00
Fedora Update for ruby FEDORA-2019-a155364f3c
2019-05-07 00:00:00
Debian Security Advisory DSA 4433-1 (ruby2.3 - security update)
2019-04-18 00:00:00
amazon
amazon
Important: ruby
2019-07-18 18:14:00
Important: ruby20, ruby21, ruby24
2019-08-07 22:58:00
f5
f5
fedora
fedora
[SECURITY] Fedora 28 Update: ruby-2.5.5-108.fc28
2019-05-10 01:35:27
[SECURITY] Fedora 29 Update: ruby-2.5.5-101.fc29
2019-05-03 03:43:05
osv
osv
ruby2.3 - security update
2019-04-16 00:00:00
ruby:2.5 bug fix and enhancement update
2019-11-05 17:38:32
ruby2.1 - security update
2019-03-29 00:00:00
freebsd
freebsd
RubyGems -- multiple vulnerabilities
2019-03-05 00:00:00
debian
debian
[SECURITY] [DSA 4433-1] ruby2.3 security update
2019-04-16 20:57:32
[SECURITY] [DLA 1735-1] ruby2.1 security update
2019-03-29 08:53:04
[SECURITY] [DLA 2330-1] jruby security update
2020-08-16 13:13:11
cloudfoundry
cloudfoundry
USN-3945-1: Ruby vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2019-04-11 00:00:00
rocky
rocky
2.5 bug fix and enhancement update
2019-11-05 17:38:32
ruby:2.5 security update
2019-07-30 11:16:25
mageia
mageia
Updated jruby packages fix security vulnerabilities
2020-11-27 23:14:57
Updated ruby-RubyGems packages fix security vulnerability
2020-06-11 00:39:20
alpinelinux
alpinelinux
cve
cve
prion
prion
Design/Logic Flaw
2019-06-17 20:15:00
Design/Logic Flaw
2019-06-17 20:15:00
Design/Logic Flaw
2019-06-17 20:15:00
veracode
veracode
Escape Sequence Injection
2019-05-16 04:01:21
Escape Sequence Injection
2019-05-16 03:48:47
Escape Sequence Injection
2019-05-16 03:48:47
github
github
RubyGems Escape sequence injection vulnerability in verbose
2019-06-20 16:06:04
RubyGems Escape sequence injection vulnerability in api response handling
2019-06-20 16:05:57
RubyGems Escape sequence injection vulnerability in gem owner
2019-06-20 16:06:00
redhatcve
redhatcve
ubuntucve
ubuntucve
debiancve
debiancve
oraclelinux
oraclelinux
ruby:2.5 security update
2019-08-05 00:00:00
ruby security update
2019-08-13 00:00:00
attackerkb
attackerkb
Installing a malicious gem may lead to arbitrary code execution
2020-03-17 00:00:00
almalinux
almalinux
Important: ruby:2.5 security update
2019-07-30 11:16:25
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z
2019-07-15 22:35:01
suse
suse
Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)
2019-07-21 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
64.6%
Related for ELSA-2019-1235