Lucene search

K
oraclelinuxOracleLinuxELSA-2022-5779
HistoryAug 03, 2022 - 12:00 a.m.

ruby:2.5 security update

2022-08-0300:00:00
linux.oracle.com
34

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

ruby
[2.5.9-110]

  • Fix FTBFS due to an incompatible load directive.
  • Fix a fiddle import test on an optimized glibc on Power 9.
  • Fix by adding length limit option for methods that parses date strings.
    Resolves: CVE-2021-41817
  • CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security
    prefixes in cookie names.
    Resolves: CVE-2021-41819

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P