11 matches found
pcs security update
0.11.10-1.el97.1 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945, RHEL-121035, RHEL-123630, RHEL-123642, RHEL-124938 0.11.10-1 - Rebased pcs to the latest sources see CHANGELOG.md Resolves: RHEL-77194,...
RHSA-2014:0207 Red Hat Security Advisory: rubygems security update
Bulletin has no description...
pcs security update
0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...
Deserialization of Untrusted Data
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to...
Denial of Service (DoS)
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Denial of Service DoS via the extractfiles function in installer.rb, which does not check whether files exist before overwriting them, which allows user-assisted remote...
Directory Traversal
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Directory Traversal. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that...
Arbitrary Code Injection
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the Gem::UserInteractionverbose function which calls say without escaping. Remediation Upgrade rubygems-update to version 2.7.9, 3.0.3 or highe...
Arbitrary Code Injection
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence...
Arbitrary Code Injection
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence...
DLA-1112-1 rubygems - security update
Bulletin has no description...
MGASA-2015-0345 Updated ruby-RubyGems packages fix security vulnerabilities
Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...