AlmaLinux 2324 Published by

A ruby:2.7 security update has been released for AlmaLinux.



ALSA-2021:3020 Important: ruby:2.7 security update


Type:
security

Severity:
important

Release date:
2021-08-05

Description
Security Fix(es):
* rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)
* rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
* ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
* ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2020-36327
CVE-2021-31799
CVE-2021-31810
CVE-2021-32066

Updates packages:
ruby-2.7.4-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
ruby-default-gems-2.7.4-137.module_el8.4.0+2515+f744ca41.noarch.rpm
ruby-devel-2.7.4-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
ruby-doc-2.7.4-137.module_el8.4.0+2515+f744ca41.noarch.rpm
ruby-libs-2.7.4-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
rubygem-bigdecimal-2.0.0-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
rubygem-bundler-2.2.24-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-io-console-0.5.6-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
rubygem-irb-1.2.6-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-json-2.3.0-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
rubygem-minitest-5.13.0-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-net-telnet-0.2.0-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-openssl-2.1.2-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
rubygem-power_assert-1.1.7-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-psych-3.1.0-137.module_el8.4.0+2515+f744ca41.x86_64.rpm
rubygem-rake-13.0.1-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-rdoc-6.2.1.1-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-test-unit-3.3.4-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygem-xmlrpc-0.3.0-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygems-3.1.6-137.module_el8.4.0+2515+f744ca41.noarch.rpm
rubygems-devel-3.1.6-137.module_el8.4.0+2515+f744ca41.noarch.rpm

Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2021:3020 Important: ruby:2.7 security update