25 matches found

OSV
added 2024/10/21 11:27 p.m., 12 views

RHSA-2022:0581 Red Hat Security Advisory: ruby:2.6 security update

Bulletin has no description...

8.8 CVSS, 6.9 AI score, 0.25071 EPSS
Exploits: 7, References: 70

OSV
added 2024/10/21 11:26 p.m., 18 views

RHSA-2021:2588 Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

Bulletin has no description...

8.1 CVSS, 6.9 AI score, 0.05892 EPSS
Exploits: 2, References: 46

OSV
added 2024/09/13 8:33 p.m., 15 views

RHSA-2022:0544 Red Hat Security Advisory: ruby:2.6 security update

Bulletin has no description...

8.8 CVSS, 7.1 AI score, 0.25071 EPSS
Exploits: 5, References: 33

Tenable Nessus
added 2023/11/07 12:0 a.m., 21 views

Rocky Linux 8 : ruby:2.6 (RLSA-2022:0543)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0543 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that...

9.3 CVSS, 7.6 AI score, 0.25071 EPSS
Exploits: 5, References: 13

Tenable Nessus
added 2023/08/07 12:0 a.m., 36 views

AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2588 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability of...

8.1 CVSS, 6.9 AI score, 0.05892 EPSS
Exploits: 2, References: 11

Tenable Nessus
added 2022/07/11 12:0 a.m., 27 views

CentOS 8 : ruby:2.6 (CESA-2022:5338)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:5338 advisory. - Ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 Note that Nessus has not tested for this issue but has instead relied only on the...

7.5 CVSS, 7.2 AI score, 0.00306 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2022/07/01 12:0 a.m., 61 views

Oracle Linux 8 : ruby:2.6 (ELSA-2022-5338)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5338 advisory. - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 Tenable has extracted the preceding description block directly from the Oracle Linu...

7.5 CVSS, 7.5 AI score, 0.00306 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2022/03/11 12:0 a.m., 40 views

AlmaLinux 8 : ruby:2.6 (ALSA-2022:0543)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0543 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3 CVSS, 7.4 AI score, 0.25071 EPSS
Exploits: 5, References: 7

Tenable Nessus
added 2022/02/22 12:0 a.m., 32 views

RHEL 8 : ruby:2.6 (RHSA-2022:0582)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0582 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.3 CVSS, 6.8 AI score, 0.25071 EPSS
Exploits: 7, References: 31

Tenable Nessus
added 2022/02/17 12:0 a.m., 109 views

RHEL 8 : ruby:2.6 (RHSA-2022:0543)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0543 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.3 CVSS, 7.3 AI score, 0.25071 EPSS
Exploits: 5, References: 15

Rockylinux
added 2022/02/16 8:26 a.m., 54 views

ruby:2.6 security update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is a...

9.3 CVSS, 7.9 AI score, 0.25071 EPSS
Exploits: 5

Tenable Nessus
added 2022/02/16 12:0 a.m., 38 views

Oracle Linux 8 : ruby:2.6 (ELSA-2022-0543)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0543 advisory. ruby 2.6.9-108 - Upgrade to Ruby 2.6.9. - Skip JIT tests in RHEL 8. - Fix the issues required to start the 'make test-bundler' itself. - Fix Bundler...

9.3 CVSS, 7.2 AI score, 0.25071 EPSS
Exploits: 5, References: 7

Tenable Nessus
added 2022/02/16 12:0 a.m., 52 views

CentOS 8 : ruby:2.6 (CESA-2022:0543)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0543 advisory. - rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 - rubygem-rdoc: Command injection...

9.3 CVSS, 7.3 AI score, 0.25071 EPSS
Exploits: 5, References: 7

Tenable Nessus
added 2022/02/16 12:0 a.m., 46 views

RHEL 8 : ruby:2.6 (RHSA-2022:0544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0544 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.3 CVSS, 7.3 AI score, 0.25071 EPSS
Exploits: 5, References: 15

Tenable Nessus
added 2022/02/09 12:0 a.m., 58 views

Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2588 advisory. - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user...

8.1 CVSS, 7.9 AI score, 0.05892 EPSS
Exploits: 2, References: 21

Tenable Nessus
added 2021/07/02 12:0 a.m., 66 views

Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory. ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS:...

8.1 CVSS, 6.9 AI score, 0.05892 EPSS
Exploits: 2, References: 9

Tenable Nessus
added 2021/06/29 12:0 a.m., 63 views

RHEL 8 : ruby:2.6 (RHSA-2021:2588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2588 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.1 CVSS, 6.9 AI score, 0.05892 EPSS
Exploits: 2, References: 23

Amazon
added 2020/08/31 12:0 a.m., 84 views

Medium: ruby19, ruby21

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5 CVSS, 7.1 AI score, 0.17317 EPSS
Exploits: 0

Github Security Blog
added 2020/07/27 6:8 p.m., 71 views

Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5 CVSS, 2.3 AI score, 0.05892 EPSS
Exploits: 0, References: 23, Affected Software: 1

OSV
added 2020/07/27 6:8 p.m., 55 views

GHSA-JPHG-QWRW-7W9G Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5 CVSS, 6.8 AI score, 0.05892 EPSS
Exploits: 0, References: 23