Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby23-ruby (2.3.6), rh-ruby23-rubygems (126.96.36.199), rh-ruby23-rubygem-json (188.8.131.52), rh-ruby23-rubygem-minitest (5.8.5), rh-ruby23-rubygem-psych (184.108.40.206). (BZ#1549649)
ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
rubygems: DNS hijacking vulnerability (CVE-2017-0902)
rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)
rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.