ELSA-2019-2028
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-2028
ELSA-2019-2028 - ruby security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2019-08-13 |
Description
[2.0.0.648-36]
- Introduce 'Gem::UserInteraction#verbose' method as precondition to fix
CVE-2019-8321.
* rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
Resolves: CVE-2019-8322
- Fix escape sequence injection vulnerability in API response handling.
Resolves: CVE-2019-8323
- Prohibit arbitrary code execution when installing a malicious gem.
Resolves: CVE-2019-8324
- Fix escape sequence injection vulnerability in errors.
Resolves: CVE-2019-8325
* ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | ruby-2.0.0.648-36.el7.src.rpm | c67ffbb216db9a96cfd32d3b6af42916 | - |
| ruby-2.0.0.648-36.el7.aarch64.rpm | 4acd3542ccc9b29c11ed5727fef0d903 | - | |
| ruby-devel-2.0.0.648-36.el7.aarch64.rpm | cd7155ad67dd9cca88bfe22419e5a188 | - | |
| ruby-doc-2.0.0.648-36.el7.noarch.rpm | 48d61206484b760c3ad5b4cea13c537d | - | |
| ruby-irb-2.0.0.648-36.el7.noarch.rpm | 8bf256a4a3dc753bedb005a25ddeb331 | - | |
| ruby-libs-2.0.0.648-36.el7.aarch64.rpm | 04a6da9257335ef99f9a2d9e1ce27a04 | - | |
| ruby-tcltk-2.0.0.648-36.el7.aarch64.rpm | 8dba1dca740f47562a55042d33a9467d | - | |
| rubygem-bigdecimal-1.2.0-36.el7.aarch64.rpm | 77fafde17a9bf340aecd29ce52f6f080 | - | |
| rubygem-io-console-0.4.2-36.el7.aarch64.rpm | 7c1a3adc66224b6499283fbc013d8b2d | - | |
| rubygem-json-1.7.7-36.el7.aarch64.rpm | 29d5f2d79a730bbb152a30039a7e0959 | - | |
| rubygem-minitest-4.3.2-36.el7.noarch.rpm | f4da64f87cfd650d75887c4f9fe14d89 | - | |
| rubygem-psych-2.0.0-36.el7.aarch64.rpm | 37cb8c8ee0a07749a36fdd7d08688446 | - | |
| rubygem-rake-0.9.6-36.el7.noarch.rpm | 532f7fda32ca71e0a737c6f70a52314f | - | |
| rubygem-rdoc-4.0.0-36.el7.noarch.rpm | 90bee7925e3bb146ddd7b30b774f9651 | - | |
| rubygems-2.0.14.1-36.el7.noarch.rpm | a69263b771719db374ebf918e1599935 | - | |
| rubygems-devel-2.0.14.1-36.el7.noarch.rpm | f25445b470026362d77cf8b1a5822398 | - | |
| Oracle Linux 7 (x86_64) | ruby-2.0.0.648-36.el7.src.rpm | c67ffbb216db9a96cfd32d3b6af42916 | - |
| ruby-2.0.0.648-36.el7.x86_64.rpm | 25185a0731f64f95be3401bfc8573511 | - | |
| ruby-devel-2.0.0.648-36.el7.x86_64.rpm | a0d61c5a54aeef0a3ef5e3762b96d257 | - | |
| ruby-doc-2.0.0.648-36.el7.noarch.rpm | 48d61206484b760c3ad5b4cea13c537d | - | |
| ruby-irb-2.0.0.648-36.el7.noarch.rpm | 8bf256a4a3dc753bedb005a25ddeb331 | - | |
| ruby-libs-2.0.0.648-36.el7.i686.rpm | 808dcd6adafc8b7d563a6e5cf69b2f52 | - | |
| ruby-libs-2.0.0.648-36.el7.x86_64.rpm | f86d9797cb893f0a2bd1a34493f99863 | - | |
| ruby-tcltk-2.0.0.648-36.el7.x86_64.rpm | 0686e22b033ba6f774bbef17639570b7 | - | |
| rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm | 98c6d6f1a841c14d80877d64abfaf084 | - | |
| rubygem-io-console-0.4.2-36.el7.x86_64.rpm | 5b04cd0e799762903b75cf6512e3f7d8 | - | |
| rubygem-json-1.7.7-36.el7.x86_64.rpm | 03c016323054470d566077eaf6cf0b43 | - | |
| rubygem-minitest-4.3.2-36.el7.noarch.rpm | f4da64f87cfd650d75887c4f9fe14d89 | - | |
| rubygem-psych-2.0.0-36.el7.x86_64.rpm | e13b53bc2d8bec4601a131f1d3021153 | - | |
| rubygem-rake-0.9.6-36.el7.noarch.rpm | 532f7fda32ca71e0a737c6f70a52314f | - | |
| rubygem-rdoc-4.0.0-36.el7.noarch.rpm | 90bee7925e3bb146ddd7b30b774f9651 | - | |
| rubygems-2.0.14.1-36.el7.noarch.rpm | a69263b771719db374ebf918e1599935 | - | |
| rubygems-devel-2.0.14.1-36.el7.noarch.rpm | f25445b470026362d77cf8b1a5822398 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
