-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0860
      Important: rh-ruby security, bug fix, and enhancement update
                               27 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-ruby22-ruby
                   rh-ruby23-ruby
                   rh-ruby24-ruby
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Overwrite Arbitrary Files       -- Remote with User Interaction
                   Create Arbitrary Files          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-17790 CVE-2017-17405 CVE-2017-14064
                   CVE-2017-14033 CVE-2017-10784 CVE-2017-0903
                   CVE-2017-0902 CVE-2017-0901 CVE-2017-0900
                   CVE-2017-0899 CVE-2017-0898 CVE-2015-7551
                   CVE-2009-5147
Reference:         ASB-2017.0137
                   ESB-2018.0591
                   ESB-2018.0314
                   ESB-2017.3238
                   ESB-2017.2869
                   ESB-2017.2557
                   ESB-2017.2520

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2018:0583
   https://access.redhat.com/errata/RHSA-2018:0584
   https://access.redhat.com/errata/RHSA-2018:0585

Comment: This bulletin contains three (3) Red Hat security advisories.
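The "Resolution: Patch/Upgrade" line above and the package lists in the three included advisories give the fixed package versions (for example rh-ruby22-ruby-2.2.9-19, rh-ruby23-ruby-2.3.6-67 and rh-ruby24-ruby-2.4.3-90). The following Python script is an added example, not part of the AusCERT bulletin and not Red Hat tooling: it ports rpm's own version-comparison routine (rpmvercmp) so that `rpm -qa` output can be checked offline against those fixed NVRs. The sample input is constructed; the pre-fix NVRs in it are invented for illustration, while the fixed ones are copied from the advisories below.

```python
"""Check installed rh-ruby22/23/24 packages against the NVRs fixed by
RHSA-2018:0583/0584/0585. Added example; reads `rpm -qa` output."""
import re
import sys

# Fixed (version, release number) per package, read off the advisories'
# package lists. The dist tag (el6/el7) is taken from the installed package
# at check time. These packages carry no epoch, so only V and R are compared.
FIXED = {
    "rh-ruby22-ruby": ("2.2.9", "19"),
    "rh-ruby22-ruby-libs": ("2.2.9", "19"),
    "rh-ruby23-ruby": ("2.3.6", "67"),
    "rh-ruby23-ruby-libs": ("2.3.6", "67"),
    "rh-ruby24-ruby": ("2.4.3", "90"),
    "rh-ruby24-ruby-libs": ("2.4.3", "90"),
}

_KEEP = re.compile(r"[0-9A-Za-z~]")
_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.
    Segments are compared in turn; numeric beats alphabetic, leading zeros
    are ignored, '~' sorts before everything (1.0~rc1 < 1.0). '^' is not handled."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and not _KEEP.match(a, i):   # skip separator characters
            i += 1
        while j < lb and not _KEEP.match(b, j):
            j += 1
        ta = i < la and a[i] == "~"
        tb = j < lb and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= la or j >= lb:
            break
        if a[i].isdigit():
            ma, mb, isnum = _DIGITS.match(a, i), _DIGITS.match(b, j), True
        else:
            ma, mb, isnum = _ALPHA.match(a, i), _ALPHA.match(b, j), False
        if mb is None:                # mixed types: the numeric segment is newer
            return 1 if isnum else -1
        sa, sb = ma.group(0), mb.group(0)
        i, j = ma.end(), mb.end()
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):    # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1       # whichever still has segments left wins


def parse_nvra(nvra):
    """Split 'name-version-release.arch'; raises ValueError if malformed."""
    rest, arch = nvra.rsplit(".", 1)
    name, ver, rel = rest.rsplit("-", 2)
    return name, ver, rel, arch


def check(rpm_qa_lines):
    """Return [(nvra, status)]; status is 'fixed', 'VULNERABLE',
    'not covered' (not listed in these advisories) or 'unparsable'."""
    out = []
    for line in (l.strip() for l in rpm_qa_lines if l.strip()):
        try:
            name, ver, rel, _ = parse_nvra(line)
        except ValueError:
            out.append((line, "unparsable"))
            continue
        if name not in FIXED:
            out.append((line, "not covered"))
            continue
        fver, frel = FIXED[name]
        dist = rel.split(".", 1)[1] if "." in rel else ""
        fixed_rel = frel + "." + dist if dist else frel
        c = rpmvercmp(ver, fver) or rpmvercmp(rel, fixed_rel)
        out.append((line, "fixed" if c >= 0 else "VULNERABLE"))
    return out


# Constructed sample of `rpm -qa` output; the pre-fix NVRs are invented.
SAMPLE_RPM_QA = """\
rh-ruby22-ruby-2.2.6-15.el7.x86_64
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64
rh-ruby23-ruby-2.3.6-67.el6.x86_64
rh-ruby24-ruby-2.4.3-90.el7.x86_64
rh-ruby24-ruby-libs-2.4.2-85.el7.x86_64
ruby-2.0.0.648-33.el7_4.x86_64
gpg-pubkey-00000000-00000000
""".splitlines()

if __name__ == "__main__":
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_RPM_QA
    for nvra, status in check(src):
        print(f"{status:12} {nvra}")
```

Run it on a real host with `rpm -qa 'rh-ruby2*' | python3 check_rhsa.py` (the file name is arbitrary). Only the interpreter and libs packages are tabulated because every subpackage of a collection is built from the same source RPM and shares its release number, so those two are enough to tell whether the errata build is installed. A "fixed" result says nothing about package integrity: still verify the signatures against the Red Hat key the advisories point to, for example with `rpm -K` on the downloaded RPMs.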
- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby22-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0583-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0583
Issue date:        2018-03-26
CVE Names:         CVE-2009-5147 CVE-2015-7551 CVE-2017-0898
                   CVE-2017-0899 CVE-2017-0900 CVE-2017-0901
                   CVE-2017-0902 CVE-2017-0903 CVE-2017-10784
                   CVE-2017-14033 CVE-2017-14064 CVE-2017-17405
                   CVE-2017-17790
=====================================================================

1. Summary:

An update for rh-ruby22-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych
(2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)

* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)

* rubygems: Arbitrary file overwrite due to incorrect validation of
specification name (CVE-2017-0901)

* rubygems: DNS hijacking vulnerability (CVE-2017-0902)

* rubygems: Unsafe object deserialization through YAML formatted gem
specifications (CVE-2017-0903)

* ruby: Escape sequence injection vulnerability in the Basic authentication
of WEBrick (CVE-2017-10784)

* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)

* ruby: DL::dlopen could open a library with tainted library name
(CVE-2009-5147, CVE-2015-7551)

* rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)

* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)

* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)

* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1248935 - CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name
1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode
1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications
1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549646 - Rebase to the latest Ruby 2.2 point release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2009-5147
https://access.redhat.com/security/cve/CVE-2015-7551
https://access.redhat.com/security/cve/CVE-2017-0898
https://access.redhat.com/security/cve/CVE-2017-0899
https://access.redhat.com/security/cve/CVE-2017-0900
https://access.redhat.com/security/cve/CVE-2017-0901
https://access.redhat.com/security/cve/CVE-2017-0902
https://access.redhat.com/security/cve/CVE-2017-0903
https://access.redhat.com/security/cve/CVE-2017-10784
https://access.redhat.com/security/cve/CVE-2017-14033
https://access.redhat.com/security/cve/CVE-2017-14064
https://access.redhat.com/security/cve/CVE-2017-17405
https://access.redhat.com/security/cve/CVE-2017-17790
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFauMCwXlSAg2UNWIIRAt7+AKCI6oUS1rfveUw8jicxIi6EpIyH4wCgqBO0
GhFJ0ZG9kuNetqyols+muU4=
=ZJq+
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby23-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0585-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0585
Issue date:        2018-03-26
CVE Names:         CVE-2017-0898 CVE-2017-0899 CVE-2017-0900
                   CVE-2017-0901 CVE-2017-0902 CVE-2017-0903
                   CVE-2017-10784 CVE-2017-14033 CVE-2017-14064
                   CVE-2017-17405 CVE-2017-17790
=====================================================================

1. Summary:

An update for rh-ruby23-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby23-ruby (2.3.6), rh-ruby23-rubygems (2.5.2.2), rh-ruby23-rubygem-json
(1.8.3.1), rh-ruby23-rubygem-minitest (5.8.5), rh-ruby23-rubygem-psych
(2.1.0.1). (BZ#1549649)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)

* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)

* rubygems: Arbitrary file overwrite due to incorrect validation of
specification name (CVE-2017-0901)

* rubygems: DNS hijacking vulnerability (CVE-2017-0902)

* rubygems: Unsafe object deserialization through YAML formatted gem
specifications (CVE-2017-0903)

* ruby: Escape sequence injection vulnerability in the Basic authentication
of WEBrick (CVE-2017-10784)

* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)

* rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)

* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)

* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)

* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode
1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications
1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549649 - Rebase to the latest Ruby 2.3 point release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby23-ruby-2.3.6-67.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby23-ruby-2.3.6-67.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby23-ruby-2.3.6-67.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-0898
https://access.redhat.com/security/cve/CVE-2017-0899
https://access.redhat.com/security/cve/CVE-2017-0900
https://access.redhat.com/security/cve/CVE-2017-0901
https://access.redhat.com/security/cve/CVE-2017-0902
https://access.redhat.com/security/cve/CVE-2017-0903
https://access.redhat.com/security/cve/CVE-2017-10784
https://access.redhat.com/security/cve/CVE-2017-14033
https://access.redhat.com/security/cve/CVE-2017-14064
https://access.redhat.com/security/cve/CVE-2017-17405
https://access.redhat.com/security/cve/CVE-2017-17790
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFauMlbXlSAg2UNWIIRAm5nAJ0eb6LhztJ7AP9/kU7vSMsoXg0EhwCfRmFg
bMdiP7NH/D0PVEX2sN6DcWw=
=u0rr
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby24-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0584-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0584
Issue date:        2018-03-26
CVE Names:         CVE-2017-17405 CVE-2017-17790
=====================================================================

1. Summary:

An update for rh-ruby24-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby24-ruby (2.4.3). (BZ#1549651)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)

* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549651 - Rebase to the latest Ruby 2.4 point release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby24-ruby-2.4.3-90.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby24-ruby-2.4.3-90.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby24-ruby-2.4.3-90.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby24-ruby-2.4.3-90.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.3): Source: rh-ruby24-ruby-2.4.3-90.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4): Source: rh-ruby24-ruby-2.4.3-90.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-ruby24-ruby-2.4.3-90.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-17405 https://access.redhat.com/security/cve/CVE-2017-17790 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFauMTlXlSAg2UNWIIRAklMAJwIovc2M3b84x7czyHfrcPa9FiDCQCfZ3Ka FYQX28iN0ScoCYxXXXVOIvk= =ozXE - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. 
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures.

AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================