RHSA-2018:0378

Description

Red Hat Security Advisory: ruby security update

CVSS Metrics

• v3.0•HIGH•Score: 8.1CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•ruby

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•ruby-debuginfo

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•ruby-devel

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•ruby-doc

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•ruby-irb

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•ruby-libs

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•ruby-tcltk

  < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4 | < 0:2.0.0.648-33.el7_4

• redhat•rubygem-bigdecimal

  < 0:1.2.0-33.el7_4 | < 0:1.2.0-33.el7_4 | < 0:1.2.0-33.el7_4 | < 0:1.2.0-33.el7_4

• redhat•rubygem-io-console

  < 0:0.4.2-33.el7_4 | < 0:0.4.2-33.el7_4 | < 0:0.4.2-33.el7_4 | < 0:0.4.2-33.el7_4

• redhat•rubygem-json

  < 0:1.7.7-33.el7_4 | < 0:1.7.7-33.el7_4 | < 0:1.7.7-33.el7_4 | < 0:1.7.7-33.el7_4

• redhat•rubygem-minitest

  < 0:4.3.2-33.el7_4 | < 0:4.3.2-33.el7_4 | < 0:4.3.2-33.el7_4 | < 0:4.3.2-33.el7_4

• redhat•rubygem-psych

  < 0:2.0.0-33.el7_4 | < 0:2.0.0-33.el7_4 | < 0:2.0.0-33.el7_4 | < 0:2.0.0-33.el7_4

• redhat•rubygem-rake

  < 0:0.9.6-33.el7_4 | < 0:0.9.6-33.el7_4 | < 0:0.9.6-33.el7_4 | < 0:0.9.6-33.el7_4

• redhat•rubygem-rdoc

  < 0:4.0.0-33.el7_4 | < 0:4.0.0-33.el7_4 | < 0:4.0.0-33.el7_4 | < 0:4.0.0-33.el7_4

• redhat•rubygems

  < 0:2.0.14.1-33.el7_4 | < 0:2.0.14.1-33.el7_4 | < 0:2.0.14.1-33.el7_4 | < 0:2.0.14.1-33.el7_4

• redhat•rubygems-devel

  < 0:2.0.14.1-33.el7_4 | < 0:2.0.14.1-33.el7_4 | < 0:2.0.14.1-33.el7_4 | < 0:2.0.14.1-33.el7_4

References (54)

• https://access.redhat.com/errata/RHSA-2018:0378
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=1487552
• https://bugzilla.redhat.com/show_bug.cgi?id=1487587
• https://bugzilla.redhat.com/show_bug.cgi?id=1487588
• https://bugzilla.redhat.com/show_bug.cgi?id=1487589
• https://bugzilla.redhat.com/show_bug.cgi?id=1487590
• https://bugzilla.redhat.com/show_bug.cgi?id=1491866
• https://bugzilla.redhat.com/show_bug.cgi?id=1492012
• https://bugzilla.redhat.com/show_bug.cgi?id=1492015
• https://bugzilla.redhat.com/show_bug.cgi?id=1500488
• https://bugzilla.redhat.com/show_bug.cgi?id=1526189
• https://bugzilla.redhat.com/show_bug.cgi?id=1528218
• https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0378.json
• https://access.redhat.com/security/cve/CVE-2017-0898
• https://www.cve.org/CVERecord?id=CVE-2017-0898
• https://nvd.nist.gov/vuln/detail/CVE-2017-0898
• https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
• https://access.redhat.com/security/cve/CVE-2017-0899
• https://www.cve.org/CVERecord?id=CVE-2017-0899
• https://nvd.nist.gov/vuln/detail/CVE-2017-0899
• http://blog.rubygems.org/2017/08/27/2.6.13-released.html
• https://access.redhat.com/security/cve/CVE-2017-0900
• https://www.cve.org/CVERecord?id=CVE-2017-0900
• https://nvd.nist.gov/vuln/detail/CVE-2017-0900
• https://access.redhat.com/security/cve/CVE-2017-0901
• https://www.cve.org/CVERecord?id=CVE-2017-0901
• https://nvd.nist.gov/vuln/detail/CVE-2017-0901
• https://access.redhat.com/security/cve/CVE-2017-0902
• https://www.cve.org/CVERecord?id=CVE-2017-0902
• https://nvd.nist.gov/vuln/detail/CVE-2017-0902
• https://access.redhat.com/security/cve/CVE-2017-0903
• https://www.cve.org/CVERecord?id=CVE-2017-0903
• https://nvd.nist.gov/vuln/detail/CVE-2017-0903
• http://blog.rubygems.org/2017/10/09/2.6.14-released.html
• https://access.redhat.com/security/cve/CVE-2017-10784
• https://www.cve.org/CVERecord?id=CVE-2017-10784
• https://nvd.nist.gov/vuln/detail/CVE-2017-10784
• https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
• https://access.redhat.com/security/cve/CVE-2017-14033
• https://www.cve.org/CVERecord?id=CVE-2017-14033
• https://nvd.nist.gov/vuln/detail/CVE-2017-14033
• https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
• https://access.redhat.com/security/cve/CVE-2017-14064
• https://www.cve.org/CVERecord?id=CVE-2017-14064
• https://nvd.nist.gov/vuln/detail/CVE-2017-14064
• https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/
• https://access.redhat.com/security/cve/CVE-2017-17405
• https://www.cve.org/CVERecord?id=CVE-2017-17405
• https://nvd.nist.gov/vuln/detail/CVE-2017-17405
• https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
• https://access.redhat.com/security/cve/CVE-2017-17790
• https://www.cve.org/CVERecord?id=CVE-2017-17790
• https://nvd.nist.gov/vuln/detail/CVE-2017-17790