-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0860
       Important: rh-ruby security, bug fix, and enhancement update
                               27 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-ruby22-ruby
                   rh-ruby23-ruby
                   rh-ruby24-ruby
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Overwrite Arbitrary Files       -- Remote with User Interaction
                   Create Arbitrary Files          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-17790 CVE-2017-17405 CVE-2017-14064
                   CVE-2017-14033 CVE-2017-10784 CVE-2017-0903
                   CVE-2017-0902 CVE-2017-0901 CVE-2017-0900
                   CVE-2017-0899 CVE-2017-0898 CVE-2015-7551
                   CVE-2009-5147  

Reference:         ASB-2017.0137
                   ESB-2018.0591
                   ESB-2018.0314
                   ESB-2017.3238
                   ESB-2017.2869
                   ESB-2017.2557
                   ESB-2017.2520

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:0583
   https://access.redhat.com/errata/RHSA-2018:0584
   https://access.redhat.com/errata/RHSA-2018:0585

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby22-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0583-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0583
Issue date:        2018-03-26
CVE Names:         CVE-2009-5147 CVE-2015-7551 CVE-2017-0898 
                   CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 
                   CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 
                   CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 
                   CVE-2017-17790 
=====================================================================

1. Summary:

An update for rh-ruby22-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4),
rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1).
(BZ#1549646)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)

* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)

* rubygems: Arbitrary file overwrite due to incorrect validation of
specification name (CVE-2017-0901)

* rubygems: DNS hijacking vulnerability (CVE-2017-0902)

* rubygems: Unsafe object deserialization through YAML formatted gem
specifications (CVE-2017-0903)

* ruby: Escape sequence injection vulnerability in the Basic authentication
of WEBrick (CVE-2017-10784)

* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)

* ruby: DL::dlopen could open a library with tainted library name
(CVE-2009-5147, CVE-2015-7551)

* rubygems: Escape sequence in the "summary" field of gemspec
(CVE-2017-0899)

* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)

* ruby: Arbitrary heap exposure during a JSON.generate call
(CVE-2017-14064)

* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1248935 - CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name
1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode
1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications
1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549646 - Rebase to the latest Ruby 2.2 point release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2009-5147
https://access.redhat.com/security/cve/CVE-2015-7551
https://access.redhat.com/security/cve/CVE-2017-0898
https://access.redhat.com/security/cve/CVE-2017-0899
https://access.redhat.com/security/cve/CVE-2017-0900
https://access.redhat.com/security/cve/CVE-2017-0901
https://access.redhat.com/security/cve/CVE-2017-0902
https://access.redhat.com/security/cve/CVE-2017-0903
https://access.redhat.com/security/cve/CVE-2017-10784
https://access.redhat.com/security/cve/CVE-2017-14033
https://access.redhat.com/security/cve/CVE-2017-14064
https://access.redhat.com/security/cve/CVE-2017-17405
https://access.redhat.com/security/cve/CVE-2017-17790
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby23-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0585-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0585
Issue date:        2018-03-26
CVE Names:         CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 
                   CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 
                   CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 
                   CVE-2017-17405 CVE-2017-17790 
=====================================================================

1. Summary:

An update for rh-ruby23-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby23-ruby (2.3.6), rh-ruby23-rubygems (2.5.2.2),
rh-ruby23-rubygem-json (1.8.3.1), rh-ruby23-rubygem-minitest (5.8.5),
rh-ruby23-rubygem-psych (2.1.0.1). (BZ#1549649)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)

* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)

* rubygems: Arbitrary file overwrite due to incorrect validation of
specification name (CVE-2017-0901)

* rubygems: DNS hijacking vulnerability (CVE-2017-0902)

* rubygems: Unsafe object deserialization through YAML formatted gem
specifications (CVE-2017-0903)

* ruby: Escape sequence injection vulnerability in the Basic authentication
of WEBrick (CVE-2017-10784)

* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)

* rubygems: Escape sequence in the "summary" field of gemspec
(CVE-2017-0899)

* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)

* ruby: Arbitrary heap exposure during a JSON.generate call
(CVE-2017-14064)

* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode
1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications
1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549649 - Rebase to the latest Ruby 2.3 point release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby23-ruby-2.3.6-67.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby23-ruby-2.3.6-67.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby23-ruby-2.3.6-67.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby23-ruby-2.3.6-67.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.6-67.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.6-67.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-67.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-67.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-67.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-67.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-67.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.2-67.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.2-67.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.6-67.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.6-67.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-67.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-67.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-67.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-67.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-67.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-0898
https://access.redhat.com/security/cve/CVE-2017-0899
https://access.redhat.com/security/cve/CVE-2017-0900
https://access.redhat.com/security/cve/CVE-2017-0901
https://access.redhat.com/security/cve/CVE-2017-0902
https://access.redhat.com/security/cve/CVE-2017-0903
https://access.redhat.com/security/cve/CVE-2017-10784
https://access.redhat.com/security/cve/CVE-2017-14033
https://access.redhat.com/security/cve/CVE-2017-14064
https://access.redhat.com/security/cve/CVE-2017-17405
https://access.redhat.com/security/cve/CVE-2017-17790
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby24-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0584-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0584
Issue date:        2018-03-26
CVE Names:         CVE-2017-17405 CVE-2017-17790 
=====================================================================

1. Summary:

An update for rh-ruby24-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby24-ruby (2.4.3). (BZ#1549651)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)

* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549651 - Rebase to the latest Ruby 2.4 point release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby24-ruby-2.4.3-90.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby24-ruby-2.4.3-90.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby24-ruby-2.4.3-90.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby24-ruby-2.4.3-90.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-ruby24-ruby-2.4.3-90.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby24-ruby-2.4.3-90.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby24-ruby-2.4.3-90.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.3-90.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.3-90.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-90.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-90.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-90.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-90.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-90.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-90.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-90.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.3-90.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.3-90.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-90.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-90.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-90.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-90.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-90.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-90.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-17405
https://access.redhat.com/security/cve/CVE-2017-17790
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================