RHSA-2018:3729

Description

Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update

CVSS Metrics

• v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Systems

• redhat•rh-ruby23-ruby

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-ruby-debuginfo

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-ruby-devel

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-ruby-doc

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-ruby-irb

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-ruby-libs

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-ruby-tcltk

  < 0:2.3.8-69.el6 | < 0:2.3.8-69.el7

• redhat•rh-ruby23-rubygem-bigdecimal

  < 0:1.2.8-69.el6 | < 0:1.2.8-69.el7

• redhat•rh-ruby23-rubygem-did_you_mean

  < 0:1.0.0-69.el6 | < 0:1.0.0-69.el7

• redhat•rh-ruby23-rubygem-io-console

  < 0:0.4.5-69.el6 | < 0:0.4.5-69.el7

• redhat•rh-ruby23-rubygem-json

  < 0:1.8.3.1-69.el6 | < 0:1.8.3.1-69.el7

• redhat•rh-ruby23-rubygem-minitest

  < 0:5.8.5-69.el6 | < 0:5.8.5-69.el7

• redhat•rh-ruby23-rubygem-net-telnet

  < 0:0.1.1-69.el6 | < 0:0.1.1-69.el7

• redhat•rh-ruby23-rubygem-power_assert

  < 0:0.2.6-69.el6 | < 0:0.2.6-69.el7

• redhat•rh-ruby23-rubygem-psych

  < 0:2.1.0.1-69.el6 | < 0:2.1.0.1-69.el7

• redhat•rh-ruby23-rubygem-rake

  < 0:10.4.2-69.el6 | < 0:10.4.2-69.el7

• redhat•rh-ruby23-rubygem-rdoc

  < 0:4.2.1-69.el6 | < 0:4.2.1-69.el7

• redhat•rh-ruby23-rubygem-test-unit

  < 0:3.1.5-69.el6 | < 0:3.1.5-69.el7

• redhat•rh-ruby23-rubygems

  < 0:2.5.2.3-69.el6 | < 0:2.5.2.3-69.el7

• redhat•rh-ruby23-rubygems-devel

  < 0:2.5.2.3-69.el6 | < 0:2.5.2.3-69.el7

References (73)

• https://access.redhat.com/errata/RHSA-2018:3729
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=1547418
• https://bugzilla.redhat.com/show_bug.cgi?id=1547419
• https://bugzilla.redhat.com/show_bug.cgi?id=1547420
• https://bugzilla.redhat.com/show_bug.cgi?id=1547421
• https://bugzilla.redhat.com/show_bug.cgi?id=1547422
• https://bugzilla.redhat.com/show_bug.cgi?id=1547425
• https://bugzilla.redhat.com/show_bug.cgi?id=1547426
• https://bugzilla.redhat.com/show_bug.cgi?id=1561947
• https://bugzilla.redhat.com/show_bug.cgi?id=1561948
• https://bugzilla.redhat.com/show_bug.cgi?id=1561949
• https://bugzilla.redhat.com/show_bug.cgi?id=1561950
• https://bugzilla.redhat.com/show_bug.cgi?id=1561952
• https://bugzilla.redhat.com/show_bug.cgi?id=1561953
• https://bugzilla.redhat.com/show_bug.cgi?id=1643086
• https://bugzilla.redhat.com/show_bug.cgi?id=1643089
• https://bugzilla.redhat.com/show_bug.cgi?id=1650591
• https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3729.json
• https://access.redhat.com/security/cve/CVE-2017-17742
• https://www.cve.org/CVERecord?id=CVE-2017-17742
• https://nvd.nist.gov/vuln/detail/CVE-2017-17742
• https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
• https://access.redhat.com/security/cve/CVE-2018-6914
• https://www.cve.org/CVERecord?id=CVE-2018-6914
• https://nvd.nist.gov/vuln/detail/CVE-2018-6914
• https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
• https://access.redhat.com/security/cve/CVE-2018-8777
• https://www.cve.org/CVERecord?id=CVE-2018-8777
• https://nvd.nist.gov/vuln/detail/CVE-2018-8777
• https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
• https://access.redhat.com/security/cve/CVE-2018-8778
• https://www.cve.org/CVERecord?id=CVE-2018-8778
• https://nvd.nist.gov/vuln/detail/CVE-2018-8778
• https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
• https://access.redhat.com/security/cve/CVE-2018-8779
• https://www.cve.org/CVERecord?id=CVE-2018-8779
• https://nvd.nist.gov/vuln/detail/CVE-2018-8779
• https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
• https://access.redhat.com/security/cve/CVE-2018-8780
• https://www.cve.org/CVERecord?id=CVE-2018-8780
• https://nvd.nist.gov/vuln/detail/CVE-2018-8780
• https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
• https://access.redhat.com/security/cve/CVE-2018-16395
• https://www.cve.org/CVERecord?id=CVE-2018-16395
• https://nvd.nist.gov/vuln/detail/CVE-2018-16395
• https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
• https://access.redhat.com/security/cve/CVE-2018-16396
• https://www.cve.org/CVERecord?id=CVE-2018-16396
• https://nvd.nist.gov/vuln/detail/CVE-2018-16396
• https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
• https://access.redhat.com/security/cve/CVE-2018-1000073
• https://www.cve.org/CVERecord?id=CVE-2018-1000073
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000073
• https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
• https://access.redhat.com/security/cve/CVE-2018-1000074
• https://www.cve.org/CVERecord?id=CVE-2018-1000074
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000074
• https://access.redhat.com/security/cve/CVE-2018-1000075
• https://www.cve.org/CVERecord?id=CVE-2018-1000075
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000075
• https://access.redhat.com/security/cve/CVE-2018-1000076
• https://www.cve.org/CVERecord?id=CVE-2018-1000076
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000076
• https://access.redhat.com/security/cve/CVE-2018-1000077
• https://www.cve.org/CVERecord?id=CVE-2018-1000077
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000077
• https://access.redhat.com/security/cve/CVE-2018-1000078
• https://www.cve.org/CVERecord?id=CVE-2018-1000078
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000078
• https://access.redhat.com/security/cve/CVE-2018-1000079
• https://www.cve.org/CVERecord?id=CVE-2018-1000079
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000079