What Are You Looking For?

Sign Up
MGASA-2020-0243 - Updated ruby-RubyGems packages fix security vulnerability

Publication date: 10 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0243.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-XXXX,
     CVE-2018-1000073,
     CVE-2018-1000074,
     CVE-2018-1000075,
     CVE-2018-1000076,
     CVE-2018-1000077,
     CVE-2018-1000078,
     CVE-2018-1000079,
     CVE-2019-8320,
     CVE-2019-8321,
     CVE-2019-8322,
     CVE-2019-8323,
     CVE-2019-8324,
     CVE-2019-8325

Updated ruby-RubyGems package fixes security vulnerabilities

The following vulnerabilities have been reported.

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response
handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
References:
- https://bugs.mageia.org/show_bug.cgi?id=22696
- https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-XXXX
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325

SRPMS:
- 7/core/ruby-RubyGems-2.6.14-3.1.mga7

Mageia 2020-0243: ruby-RubyGems security update

Updated ruby-RubyGems package fixes security vulnerabilities The following vulnerabilities have been reported

Summary

Updated ruby-RubyGems package fixes security vulnerabilities
The following vulnerabilities have been reported.
CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection vulnerability in gem owner CVE-2019-8323: Escape sequence injection vulnerability in API response handling CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8325: Escape sequence injection vulnerability in errors

References

- https://bugs.mageia.org/show_bug.cgi?id=22696

- https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-XXXX

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325

Resolution

MGASA-2020-0243 - Updated ruby-RubyGems packages fix security vulnerability

SRPMS

- 7/core/ruby-RubyGems-2.6.14-3.1.mga7

Severity
Publication date: 10 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0243.html
Type: security
CVE: CVE-2019-XXXX, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo