(RHSA-2015:1657) Important: rh-ruby22-ruby security update

2015-08-2400:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

79.8%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

A flaw was found in a way rubygems verified the API endpoint hostname
retrieved through a DNS SRV record. A man-in-the-middle attacker could use
this flaw to force a client to download content from an untrusted domain.
(CVE-2015-3900)

All rh-ruby22-ruby users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
instances of Ruby need to be restarted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-ruby22-ruby-devel< 2.2.2-12.el7rh-ruby22-ruby-devel-2.2.2-12.el7.x86_64.rpm
RedHat7x86_64rh-ruby22-rubygem-bigdecimal< 1.2.6-12.el7rh-ruby22-rubygem-bigdecimal-1.2.6-12.el7.x86_64.rpm
RedHat7x86_64rh-ruby22-rubygem-json< 1.8.1-12.el7rh-ruby22-rubygem-json-1.8.1-12.el7.x86_64.rpm
RedHat6noarchrh-ruby22-ruby-irb< 2.2.2-12.el6rh-ruby22-ruby-irb-2.2.2-12.el6.noarch.rpm
RedHat7noarchrh-ruby22-rubygem-test-unit< 3.0.8-12.el7rh-ruby22-rubygem-test-unit-3.0.8-12.el7.noarch.rpm
RedHat6noarchrh-ruby22-rubygem-minitest< 5.4.3-12.el6rh-ruby22-rubygem-minitest-5.4.3-12.el6.noarch.rpm
RedHat7x86_64rh-ruby22-rubygem-io-console< 0.4.3-12.el7rh-ruby22-rubygem-io-console-0.4.3-12.el7.x86_64.rpm
RedHat7srcrh-ruby22-ruby< 2.2.2-12.el7rh-ruby22-ruby-2.2.2-12.el7.src.rpm
RedHat7noarchrh-ruby22-rubygems-devel< 2.4.5-12.el7rh-ruby22-rubygems-devel-2.4.5-12.el7.noarch.rpm
RedHat6x86_64rh-ruby22-rubygems< 2.4.5-12.el6rh-ruby22-rubygems-2.4.5-12.el6.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-ruby22-ruby-devel	< 2.2.2-12.el7	rh-ruby22-ruby-devel-2.2.2-12.el7.x86_64.rpm
RedHat	7	x86_64	rh-ruby22-rubygem-bigdecimal	< 1.2.6-12.el7	rh-ruby22-rubygem-bigdecimal-1.2.6-12.el7.x86_64.rpm
RedHat	7	x86_64	rh-ruby22-rubygem-json	< 1.8.1-12.el7	rh-ruby22-rubygem-json-1.8.1-12.el7.x86_64.rpm
RedHat	6	noarch	rh-ruby22-ruby-irb	< 2.2.2-12.el6	rh-ruby22-ruby-irb-2.2.2-12.el6.noarch.rpm
RedHat	7	noarch	rh-ruby22-rubygem-test-unit	< 3.0.8-12.el7	rh-ruby22-rubygem-test-unit-3.0.8-12.el7.noarch.rpm
RedHat	6	noarch	rh-ruby22-rubygem-minitest	< 5.4.3-12.el6	rh-ruby22-rubygem-minitest-5.4.3-12.el6.noarch.rpm
RedHat	7	x86_64	rh-ruby22-rubygem-io-console	< 0.4.3-12.el7	rh-ruby22-rubygem-io-console-0.4.3-12.el7.x86_64.rpm
RedHat	7	src	rh-ruby22-ruby	< 2.2.2-12.el7	rh-ruby22-ruby-2.2.2-12.el7.src.rpm
RedHat	7	noarch	rh-ruby22-rubygems-devel	< 2.4.5-12.el7	rh-ruby22-rubygems-devel-2.4.5-12.el7.noarch.rpm
RedHat	6	x86_64	rh-ruby22-rubygems	< 2.4.5-12.el6	rh-ruby22-rubygems-2.4.5-12.el6.x86_64.rpm