A ruby:2.7 security, bug fix, and enhancement update has been released for AlmaLinux 8.
ALSA-2022:6447 Moderate: ruby:2.7 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2022-10-07
Description
The following packages have been upgraded to a later upstream version: ruby (2.7.6). (BZ#2109424)
Security Fix(es):
* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
RHSA-2022:6447
CVE-2021-41817
CVE-2021-41819
CVE-2022-28739
ALSA-2022:6447
Updates packages:
rubygem-io-console-0.5.6-138.module_el8.6.0+3263+904da987.s390x.rpm
rubygem-bigdecimal-2.0.0-138.module_el8.6.0+3263+904da987.s390x.rpm
rubygem-irb-1.2.6-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-openssl-2.1.3-138.module_el8.6.0+3263+904da987.s390x.rpm
ruby-2.7.6-138.module_el8.6.0+3263+904da987.s390x.rpm
rubygem-bundler-2.2.24-138.module_el8.6.0+3263+904da987.noarch.rpm
ruby-libs-2.7.6-138.module_el8.6.0+3263+904da987.s390x.rpm
rubygem-bson-4.8.1-1.module_el8.6.0+3167+957ef55e.s390x.rpm
rubygem-rdoc-6.2.1.1-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-net-telnet-0.2.0-138.module_el8.6.0+3263+904da987.noarch.rpm
ruby-devel-2.7.6-138.module_el8.6.0+3263+904da987.s390x.rpm
rubygem-rake-13.0.1-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-xmlrpc-0.3.0-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygems-3.1.6-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-mysql2-0.5.3-1.module_el8.6.0+3167+957ef55e.s390x.rpm
rubygem-test-unit-3.3.4-138.module_el8.6.0+3263+904da987.noarch.rpm
ruby-default-gems-2.7.6-138.module_el8.6.0+3263+904da987.noarch.rpm
ruby-doc-2.7.6-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-json-2.3.0-138.module_el8.6.0+3263+904da987.s390x.rpm
rubygems-devel-3.1.6-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-power_assert-1.1.7-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-pg-1.2.3-1.module_el8.6.0+3167+957ef55e.s390x.rpm
rubygem-minitest-5.13.0-138.module_el8.6.0+3263+904da987.noarch.rpm
rubygem-psych-3.1.0-138.module_el8.6.0+3263+904da987.s390x.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2022:6447 Moderate: ruby:2.7 security, bug fix, and enhancement update