732 matches found

AlmaLinux
added 2021/06/29 1:58 p.m., 71 views

Moderate: ruby:2.6 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.6.7. BZ1952627 Security Fixes: rubygem-bundler: Insecure permissions...

CVSS: 8.1, AI score: 8.4, EPSS: 0.06811
Exploits: 2, References: 10

Rockylinux
added 2021/06/29 1:58 p.m., 56 views

ruby:2.5 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS: 8.1, AI score: 8.1, EPSS: 0.06811
Exploits: 2

AlmaLinux
added 2021/06/29 1:58 p.m., 75 views

Moderate: ruby:2.5 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.5.9. BZ1952626 Security Fixes: ruby: NUL injection vulnerability of...

CVSS: 8.1, AI score: 8.1, EPSS: 0.06811
Exploits: 2, References: 9

Rockylinux
added 2021/06/29 1:57 p.m., 52 views

ruby:2.7 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is a...

CVSS: 7.5, AI score: 8.2, EPSS: 0.05061
Exploits: 0

Tenable Nessus
added 2021/06/28 12:0 a.m., 27 views

EulerOS 2.0 SP8 : ruby (EulerOS-SA-2021-1987)

According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorre...

CVSS: 7.5, AI score: 7.2, EPSS: 0.05061
Exploits: 0, References: 2

OpenVAS
added 2021/06/09 12:0 a.m., 10 views

SUSE: Security Advisory (SUSE-SU-2021:1280-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.7, EPSS: 0.05061
Exploits: 0, References: 2

RedHat Linux
added 2021/05/26 7:41 a.m., 98 views

Moderate: Red Hat Security Advisory: rh-ruby25-ruby security, bug fix, and enhancement update

An update for rh-ruby25-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS: 8.1, AI score: 6.7, EPSS: 0.06811
Exploits: 2, References: 10

Tenable Nessus
added 2021/05/20 12:0 a.m., 44 views

Amazon Linux AMI : ruby24 (ALAS-2021-1501)

The version of ruby24 installed on the remote host is prior to 2.4.10-2.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1501 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-tri...

CVSS: 7.5, AI score: 7.3, EPSS: 0.05061
Exploits: 0, References: 3

Amazon
added 2021/05/19 12:0 a.m., 47 views

Medium: ruby24

Issue Overview: The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. CVE-2021-28965 Affected Packages: ruby24 Issue Correction: Run yum update...

CVSS: 7.5, AI score: 7, EPSS: 0.05061
Exploits: 0

Tenable Nessus
added 2021/05/18 12:0 a.m., 30 views

openSUSE Security Update : ruby2.5 (openSUSE-2021-607)

This update for ruby2.5 fixes the following issues : - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML bsc1184644 This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

CVSS: 7.5, AI score: 7.1, EPSS: 0.05061
Exploits: 0, References: 2

OSV
added 2021/04/30 5:30 p.m., 28 views

GHSA-8CR8-4VFW-MR7H REXML round-trip instability

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS: 7.5, AI score: 7.7, EPSS: 0.05061
Exploits: 0, References: 15

GitHub Security Blog
added 2021/04/30 5:30 p.m., 72 views

REXML round-trip instability

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS: 7.5, AI score: 3.7, EPSS: 0.05061
Exploits: 0, References: 15, Affected Software: 1

Microsoft CVE
added 2021/04/30 7:0 a.m., 5 views

The REXML gem before 3.2.5 in Ruby before 2.6.7 2.7.x before 2.7.3 and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

...

CVSS: 7.5, AI score: 7, EPSS: 0.05061
Exploits: 0

Cloud Foundry
added 2021/04/29 12:0 a.m., 49 views

USN-4922-1: Ruby vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. CVEs...

CVSS: 7.5, AI score: 7.8, EPSS: 0.05061
Exploits: 0, Affected Software: 2

ArchLinux
added 2021/04/29 12:0 a.m., 221 views

[ASA-202104-1] gitlab: multiple issues

Arch Linux Security Advisory ASA-202104-1 ========================================= Severity: Critical Date : 2021-04-29 CVE-ID : CVE-2021-22205 CVE-2021-28965 Package : gitlab Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1822 Summary ======= The package gitlab...

CVSS: 10, AI score: 0.7, EPSS: 0.99731
Exploits: 30, References: 16

Ubuntu
added 2021/04/26 4:47 p.m., 124 views

USN-4922-2: Ruby vulnerability

USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Original advisory details: Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to...

CVSS: 7.5, AI score: 7.4, EPSS: 0.05061
Exploits: 0

Tenable Nessus
added 2021/04/26 12:0 a.m., 31 views

Ubuntu 21.04 : Ruby vulnerability (USN-4922-2)

The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-4922-2 advisory. USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Tenable has extracted the preceding description block direct...

CVSS: 7.5, AI score: 7.2, EPSS: 0.05061
Exploits: 0, References: 2

OPENSUSE Linux
added 2021/04/24 12:0 a.m., 41 views

Security update for ruby2.5 (moderate)

openSUSE Security Update: Security update for ruby2.5 Announcement ID: openSUSE-SU-2021:0607-1 Rating: moderate References: 1184644 Cross-References: CVE-2021-28965 CVSS scores: CVE-2021-28965 SUSE: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: openSUSE Leap 15.2 An update...

CVSS: 5.3, AI score: 6.9, EPSS: 0.05061
Exploits: 0, References: 1

NVD
added 2021/04/21 7:15 a.m., 21 views

CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS: 7.5, EPSS: 0.05061
Exploits: 0, References: 3

OSV
added 2021/04/21 7:15 a.m., 24 views

CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS: 7.5, AI score: 6.9, EPSS: 0.05061
Exploits: 0, References: 3