RHSA-2022:0543
Vulnerability Summary
Timeline
Description
Red Hat Security Advisory: ruby:2.6 security update
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
- redhat•ruby
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•ruby-debuginfo
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•ruby-debugsource
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•ruby-devel
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•ruby-doc
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•ruby-libs
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•ruby-libs-debuginfo
< 0:2.6.9-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-abrt
< 0:0.3.0-4.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-abrt-doc
< 0:0.3.0-4.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-bigdecimal
< 0:1.4.1-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-bigdecimal-debuginfo
< 0:1.4.1-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-bson
< 0:4.5.0-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-bson-debuginfo
< 0:4.5.0-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-bson-debugsource
< 0:4.5.0-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-bson-doc
< 0:4.5.0-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-bundler
< 0:1.17.2-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-did_you_mean
< 0:1.3.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-io-console
< 0:0.4.7-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-io-console-debuginfo
< 0:0.4.7-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-irb
< 0:1.0.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-json
< 0:2.1.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-json-debuginfo
< 0:2.1.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-minitest
< 0:5.11.3-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-mongo
< 0:2.8.0-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-mongo-doc
< 0:2.8.0-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-mysql2
< 0:0.5.2-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-mysql2-debuginfo
< 0:0.5.2-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-mysql2-debugsource
< 0:0.5.2-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-mysql2-doc
< 0:0.5.2-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-net-telnet
< 0:0.2.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-openssl
< 0:2.1.2-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-openssl-debuginfo
< 0:2.1.2-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-pg
< 0:1.1.4-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-pg-debuginfo
< 0:1.1.4-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-pg-debugsource
< 0:1.1.4-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-pg-doc
< 0:1.1.4-1.module+el8.1.0+3653+beb38eb0
- redhat•rubygem-power_assert
< 0:1.1.3-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-psych
< 0:3.1.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-psych-debuginfo
< 0:3.1.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-rake
< 0:12.3.3-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-rdoc
< 0:6.1.2.1-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-test-unit
< 0:3.2.9-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygem-xmlrpc
< 0:0.3.0-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygems
< 0:3.0.3.1-108.module+el8.5.0+13719+08a8ba32
- redhat•rubygems-devel
< 0:3.0.3.1-108.module+el8.5.0+13719+08a8ba32
References (33)
- https://access.redhat.com/errata/RHSA-2022:0543
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/articles/6206172
- https://bugzilla.redhat.com/show_bug.cgi?id=1958999
- https://bugzilla.redhat.com/show_bug.cgi?id=1980126
- https://bugzilla.redhat.com/show_bug.cgi?id=1980128
- https://bugzilla.redhat.com/show_bug.cgi?id=1980132
- https://bugzilla.redhat.com/show_bug.cgi?id=2025104
- https://bugzilla.redhat.com/show_bug.cgi?id=2026757
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0543.json
- https://access.redhat.com/security/cve/CVE-2020-36327
- https://www.cve.org/CVERecord?id=CVE-2020-36327
- https://nvd.nist.gov/vuln/detail/CVE-2020-36327
- https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/
- https://access.redhat.com/security/cve/CVE-2021-31799
- https://www.cve.org/CVERecord?id=CVE-2021-31799
- https://nvd.nist.gov/vuln/detail/CVE-2021-31799
- https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
- https://access.redhat.com/security/cve/CVE-2021-31810
- https://www.cve.org/CVERecord?id=CVE-2021-31810
- https://nvd.nist.gov/vuln/detail/CVE-2021-31810
- https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://access.redhat.com/security/cve/CVE-2021-32066
- https://www.cve.org/CVERecord?id=CVE-2021-32066
- https://nvd.nist.gov/vuln/detail/CVE-2021-32066
- https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
- https://access.redhat.com/security/cve/CVE-2021-41817
- https://www.cve.org/CVERecord?id=CVE-2021-41817
- https://nvd.nist.gov/vuln/detail/CVE-2021-41817
- https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
- https://access.redhat.com/security/cve/CVE-2021-41819
- https://www.cve.org/CVERecord?id=CVE-2021-41819
- https://nvd.nist.gov/vuln/detail/CVE-2021-41819