ELSA-2019-2028

ELSA-2019-2028 - ruby security update

Type: SECURITY
Severity: MODERATE
Release Date: 2019-08-13

Description


[2.0.0.648-36]
- Introduce 'Gem::UserInteraction#verbose' method as precondition to fix
  CVE-2019-8321.
  * rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
  Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
  Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
  Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
  Resolves: CVE-2019-8325
  * ruby-2.4.6-Applied-security-patches-for-RubyGems.patch


Related CVEs


CVE-2017-17742
CVE-2018-6914
CVE-2018-8777
CVE-2018-8779
CVE-2018-16396
CVE-2018-1000073
CVE-2018-1000074
CVE-2018-1000075
CVE-2018-1000076
CVE-2018-1000077
CVE-2018-1000078
CVE-2018-8778
CVE-2018-8780
CVE-2018-1000079

Updated Packages


Release/Architecture      Filename                                     MD5sum                            Superseded By Advisory
Oracle Linux 7 (aarch64)  ruby-2.0.0.648-36.el7.src.rpm                c67ffbb216db9a96cfd32d3b6af42916  -
                          ruby-2.0.0.648-36.el7.aarch64.rpm            4acd3542ccc9b29c11ed5727fef0d903  -
                          ruby-devel-2.0.0.648-36.el7.aarch64.rpm      cd7155ad67dd9cca88bfe22419e5a188  -
                          ruby-doc-2.0.0.648-36.el7.noarch.rpm         48d61206484b760c3ad5b4cea13c537d  -
                          ruby-irb-2.0.0.648-36.el7.noarch.rpm         8bf256a4a3dc753bedb005a25ddeb331  -
                          ruby-libs-2.0.0.648-36.el7.aarch64.rpm       04a6da9257335ef99f9a2d9e1ce27a04  -
                          ruby-tcltk-2.0.0.648-36.el7.aarch64.rpm      8dba1dca740f47562a55042d33a9467d  -
                          rubygem-bigdecimal-1.2.0-36.el7.aarch64.rpm  77fafde17a9bf340aecd29ce52f6f080  -
                          rubygem-io-console-0.4.2-36.el7.aarch64.rpm  7c1a3adc66224b6499283fbc013d8b2d  -
                          rubygem-json-1.7.7-36.el7.aarch64.rpm        29d5f2d79a730bbb152a30039a7e0959  -
                          rubygem-minitest-4.3.2-36.el7.noarch.rpm     f4da64f87cfd650d75887c4f9fe14d89  -
                          rubygem-psych-2.0.0-36.el7.aarch64.rpm       37cb8c8ee0a07749a36fdd7d08688446  -
                          rubygem-rake-0.9.6-36.el7.noarch.rpm         532f7fda32ca71e0a737c6f70a52314f  -
                          rubygem-rdoc-4.0.0-36.el7.noarch.rpm         90bee7925e3bb146ddd7b30b774f9651  -
                          rubygems-2.0.14.1-36.el7.noarch.rpm          a69263b771719db374ebf918e1599935  -
                          rubygems-devel-2.0.14.1-36.el7.noarch.rpm    f25445b470026362d77cf8b1a5822398  -
Oracle Linux 7 (x86_64)   ruby-2.0.0.648-36.el7.src.rpm                c67ffbb216db9a96cfd32d3b6af42916  -
                          ruby-2.0.0.648-36.el7.x86_64.rpm             25185a0731f64f95be3401bfc8573511  -
                          ruby-devel-2.0.0.648-36.el7.x86_64.rpm       a0d61c5a54aeef0a3ef5e3762b96d257  -
                          ruby-doc-2.0.0.648-36.el7.noarch.rpm         48d61206484b760c3ad5b4cea13c537d  -
                          ruby-irb-2.0.0.648-36.el7.noarch.rpm         8bf256a4a3dc753bedb005a25ddeb331  -
                          ruby-libs-2.0.0.648-36.el7.i686.rpm          808dcd6adafc8b7d563a6e5cf69b2f52  -
                          ruby-libs-2.0.0.648-36.el7.x86_64.rpm        f86d9797cb893f0a2bd1a34493f99863  -
                          ruby-tcltk-2.0.0.648-36.el7.x86_64.rpm       0686e22b033ba6f774bbef17639570b7  -
                          rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm   98c6d6f1a841c14d80877d64abfaf084  -
                          rubygem-io-console-0.4.2-36.el7.x86_64.rpm   5b04cd0e799762903b75cf6512e3f7d8  -
                          rubygem-json-1.7.7-36.el7.x86_64.rpm         03c016323054470d566077eaf6cf0b43  -
                          rubygem-minitest-4.3.2-36.el7.noarch.rpm     f4da64f87cfd650d75887c4f9fe14d89  -
                          rubygem-psych-2.0.0-36.el7.x86_64.rpm        e13b53bc2d8bec4601a131f1d3021153  -
                          rubygem-rake-0.9.6-36.el7.noarch.rpm         532f7fda32ca71e0a737c6f70a52314f  -
                          rubygem-rdoc-4.0.0-36.el7.noarch.rpm         90bee7925e3bb146ddd7b30b774f9651  -
                          rubygems-2.0.14.1-36.el7.noarch.rpm          a69263b771719db374ebf918e1599935  -
                          rubygems-devel-2.0.14.1-36.el7.noarch.rpm    f25445b470026362d77cf8b1a5822398  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.