RHSA-2017:3485

Description

Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update

CVSS Metrics

• v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Systems

• redhat•rh-ruby24-ruby

  < 0:2.4.2-86.el6 | < 0:2.4.2-86.el7

• redhat•rh-ruby24-ruby-debuginfo

  < 0:2.4.2-86.el6 | < 0:2.4.2-86.el7

• redhat•rh-ruby24-ruby-devel

  < 0:2.4.2-86.el6 | < 0:2.4.2-86.el7

• redhat•rh-ruby24-ruby-doc

  < 0:2.4.2-86.el6 | < 0:2.4.2-86.el7

• redhat•rh-ruby24-ruby-irb

  < 0:2.4.2-86.el6 | < 0:2.4.2-86.el7

• redhat•rh-ruby24-ruby-libs

  < 0:2.4.2-86.el6 | < 0:2.4.2-86.el7

• redhat•rh-ruby24-rubygem-bigdecimal

  < 0:1.3.0-86.el6 | < 0:1.3.0-86.el7

• redhat•rh-ruby24-rubygem-did_you_mean

  < 0:1.1.0-86.el6 | < 0:1.1.0-86.el7

• redhat•rh-ruby24-rubygem-io-console

  < 0:0.4.6-86.el6 | < 0:0.4.6-86.el7

• redhat•rh-ruby24-rubygem-json

  < 0:2.0.4-86.el6 | < 0:2.0.4-86.el7

• redhat•rh-ruby24-rubygem-minitest

  < 0:5.10.1-86.el6 | < 0:5.10.1-86.el7

• redhat•rh-ruby24-rubygem-net-telnet

  < 0:0.1.1-86.el6 | < 0:0.1.1-86.el7

• redhat•rh-ruby24-rubygem-openssl

  < 0:2.0.5-86.el6 | < 0:2.0.5-86.el7

• redhat•rh-ruby24-rubygem-power_assert

  < 0:0.4.1-86.el6 | < 0:0.4.1-86.el7

• redhat•rh-ruby24-rubygem-psych

  < 0:2.2.2-86.el6 | < 0:2.2.2-86.el7

• redhat•rh-ruby24-rubygem-rake

  < 0:12.0.0-86.el6 | < 0:12.0.0-86.el7

• redhat•rh-ruby24-rubygem-rdoc

  < 0:5.0.0-86.el6 | < 0:5.0.0-86.el7

• redhat•rh-ruby24-rubygem-test-unit

  < 0:3.2.3-86.el6 | < 0:3.2.3-86.el7

• redhat•rh-ruby24-rubygem-xmlrpc

  < 0:0.2.1-86.el6 | < 0:0.2.1-86.el7

• redhat•rh-ruby24-rubygems

  < 0:2.6.14-86.el6 | < 0:2.6.14-86.el7

• redhat•rh-ruby24-rubygems-devel

  < 0:2.6.14-86.el6 | < 0:2.6.14-86.el7

References (41)

• https://access.redhat.com/errata/RHSA-2017:3485
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=1487552
• https://bugzilla.redhat.com/show_bug.cgi?id=1487587
• https://bugzilla.redhat.com/show_bug.cgi?id=1487588
• https://bugzilla.redhat.com/show_bug.cgi?id=1487589
• https://bugzilla.redhat.com/show_bug.cgi?id=1487590
• https://bugzilla.redhat.com/show_bug.cgi?id=1492012
• https://bugzilla.redhat.com/show_bug.cgi?id=1492015
• https://bugzilla.redhat.com/show_bug.cgi?id=1500488
• https://bugzilla.redhat.com/show_bug.cgi?id=1506785
• https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3485.json
• https://access.redhat.com/security/cve/CVE-2017-0898
• https://www.cve.org/CVERecord?id=CVE-2017-0898
• https://nvd.nist.gov/vuln/detail/CVE-2017-0898
• https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
• https://access.redhat.com/security/cve/CVE-2017-0899
• https://www.cve.org/CVERecord?id=CVE-2017-0899
• https://nvd.nist.gov/vuln/detail/CVE-2017-0899
• http://blog.rubygems.org/2017/08/27/2.6.13-released.html
• https://access.redhat.com/security/cve/CVE-2017-0900
• https://www.cve.org/CVERecord?id=CVE-2017-0900
• https://nvd.nist.gov/vuln/detail/CVE-2017-0900
• https://access.redhat.com/security/cve/CVE-2017-0901
• https://www.cve.org/CVERecord?id=CVE-2017-0901
• https://nvd.nist.gov/vuln/detail/CVE-2017-0901
• https://access.redhat.com/security/cve/CVE-2017-0902
• https://www.cve.org/CVERecord?id=CVE-2017-0902
• https://nvd.nist.gov/vuln/detail/CVE-2017-0902
• https://access.redhat.com/security/cve/CVE-2017-0903
• https://www.cve.org/CVERecord?id=CVE-2017-0903
• https://nvd.nist.gov/vuln/detail/CVE-2017-0903
• http://blog.rubygems.org/2017/10/09/2.6.14-released.html
• https://access.redhat.com/security/cve/CVE-2017-10784
• https://www.cve.org/CVERecord?id=CVE-2017-10784
• https://nvd.nist.gov/vuln/detail/CVE-2017-10784
• https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
• https://access.redhat.com/security/cve/CVE-2017-14064
• https://www.cve.org/CVERecord?id=CVE-2017-14064
• https://nvd.nist.gov/vuln/detail/CVE-2017-14064
• https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/