RedHat: RHSA-2021-2229:01 Moderate: rh-ruby27-ruby security, bug fi...


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:2229-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2229
Issue date:        2021-06-03
CVE Names:         CVE-2020-25613 CVE-2021-28965 
=====================================================================

1. Summary:

An update for rh-ruby27-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks. 

The following packages have been upgraded to a later upstream version:
rh-ruby27-ruby (2.7.3). (BZ#1947931)

Security Fix(es):

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)

* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* rh-ruby27-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are
given and address contains leading zero [rhscl-3] (BZ#1950016)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Software Collections 3.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1883623 - CVE-2020-25613 ruby: Potential HTTP request smuggling in WEBrick
1947526 - CVE-2021-28965 ruby: XML round-trip vulnerability in REXML
1950016 - rh-ruby27-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby27-ruby-2.7.3-129.el7.src.rpm

noarch:
rh-ruby27-ruby-doc-2.7.3-129.el7.noarch.rpm
rh-ruby27-rubygem-bundler-2.1.4-129.el7.noarch.rpm
rh-ruby27-rubygem-did_you_mean-1.4.0-129.el7.noarch.rpm
rh-ruby27-rubygem-irb-1.2.6-129.el7.noarch.rpm
rh-ruby27-rubygem-minitest-5.13.0-129.el7.noarch.rpm
rh-ruby27-rubygem-net-telnet-0.2.0-129.el7.noarch.rpm
rh-ruby27-rubygem-power_assert-1.1.7-129.el7.noarch.rpm
rh-ruby27-rubygem-rake-13.0.1-129.el7.noarch.rpm
rh-ruby27-rubygem-rdoc-6.2.1-129.el7.noarch.rpm
rh-ruby27-rubygem-test-unit-3.3.4-129.el7.noarch.rpm
rh-ruby27-rubygem-xmlrpc-0.3.0-129.el7.noarch.rpm
rh-ruby27-rubygems-3.1.6-129.el7.noarch.rpm
rh-ruby27-rubygems-devel-3.1.6-129.el7.noarch.rpm

ppc64le:
rh-ruby27-ruby-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.ppc64le.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.ppc64le.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.ppc64le.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.ppc64le.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.ppc64le.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.ppc64le.rpm

s390x:
rh-ruby27-ruby-2.7.3-129.el7.s390x.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.s390x.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.s390x.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.s390x.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.s390x.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.s390x.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.s390x.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.s390x.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.s390x.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.s390x.rpm

x86_64:
rh-ruby27-ruby-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.x86_64.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.x86_64.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.x86_64.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-ruby27-ruby-2.7.3-129.el7.src.rpm

noarch:
rh-ruby27-ruby-doc-2.7.3-129.el7.noarch.rpm
rh-ruby27-rubygem-bundler-2.1.4-129.el7.noarch.rpm
rh-ruby27-rubygem-did_you_mean-1.4.0-129.el7.noarch.rpm
rh-ruby27-rubygem-irb-1.2.6-129.el7.noarch.rpm
rh-ruby27-rubygem-minitest-5.13.0-129.el7.noarch.rpm
rh-ruby27-rubygem-net-telnet-0.2.0-129.el7.noarch.rpm
rh-ruby27-rubygem-power_assert-1.1.7-129.el7.noarch.rpm
rh-ruby27-rubygem-rake-13.0.1-129.el7.noarch.rpm
rh-ruby27-rubygem-rdoc-6.2.1-129.el7.noarch.rpm
rh-ruby27-rubygem-test-unit-3.3.4-129.el7.noarch.rpm
rh-ruby27-rubygem-xmlrpc-0.3.0-129.el7.noarch.rpm
rh-ruby27-rubygems-3.1.6-129.el7.noarch.rpm
rh-ruby27-rubygems-devel-3.1.6-129.el7.noarch.rpm

ppc64le:
rh-ruby27-ruby-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.ppc64le.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.ppc64le.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.ppc64le.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.ppc64le.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.ppc64le.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.ppc64le.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.ppc64le.rpm

s390x:
rh-ruby27-ruby-2.7.3-129.el7.s390x.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.s390x.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.s390x.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.s390x.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.s390x.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.s390x.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.s390x.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.s390x.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.s390x.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.s390x.rpm

x86_64:
rh-ruby27-ruby-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.x86_64.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.x86_64.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.x86_64.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby27-ruby-2.7.3-129.el7.src.rpm

noarch:
rh-ruby27-ruby-doc-2.7.3-129.el7.noarch.rpm
rh-ruby27-rubygem-bundler-2.1.4-129.el7.noarch.rpm
rh-ruby27-rubygem-did_you_mean-1.4.0-129.el7.noarch.rpm
rh-ruby27-rubygem-irb-1.2.6-129.el7.noarch.rpm
rh-ruby27-rubygem-minitest-5.13.0-129.el7.noarch.rpm
rh-ruby27-rubygem-net-telnet-0.2.0-129.el7.noarch.rpm
rh-ruby27-rubygem-power_assert-1.1.7-129.el7.noarch.rpm
rh-ruby27-rubygem-rake-13.0.1-129.el7.noarch.rpm
rh-ruby27-rubygem-rdoc-6.2.1-129.el7.noarch.rpm
rh-ruby27-rubygem-test-unit-3.3.4-129.el7.noarch.rpm
rh-ruby27-rubygem-xmlrpc-0.3.0-129.el7.noarch.rpm
rh-ruby27-rubygems-3.1.6-129.el7.noarch.rpm
rh-ruby27-rubygems-devel-3.1.6-129.el7.noarch.rpm

x86_64:
rh-ruby27-ruby-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-debuginfo-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-devel-2.7.3-129.el7.x86_64.rpm
rh-ruby27-ruby-libs-2.7.3-129.el7.x86_64.rpm
rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-io-console-0.5.6-129.el7.x86_64.rpm
rh-ruby27-rubygem-json-2.3.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-openssl-2.1.2-129.el7.x86_64.rpm
rh-ruby27-rubygem-psych-3.1.0-129.el7.x86_64.rpm
rh-ruby27-rubygem-racc-1.4.16-129.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25613
https://access.redhat.com/security/cve/CVE-2021-28965
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.7_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
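
Added example, not part of the Red Hat advisory: a shell check that flags installed rh-ruby27 packages older than the fixed builds in section 6 (runtime subset). It assumes "name version-release" input as printed by the rpm query shown in the last comment; the sample inventory is constructed, and the digit-run comparison is a simplification of rpm's version ordering.

```shell
#!/bin/sh
# Fixed builds, copied from the advisory's package list (runtime subset).
fixed_builds() {
cat <<'EOF'
rh-ruby27-ruby 2.7.3-129.el7
rh-ruby27-ruby-libs 2.7.3-129.el7
rh-ruby27-rubygems 3.1.6-129.el7
rh-ruby27-rubygem-bundler 2.1.4-129.el7
rh-ruby27-rubygem-bigdecimal 2.0.0-129.el7
rh-ruby27-rubygem-io-console 0.5.6-129.el7
rh-ruby27-rubygem-json 2.3.0-129.el7
rh-ruby27-rubygem-openssl 2.1.2-129.el7
rh-ruby27-rubygem-psych 3.1.0-129.el7
rh-ruby27-rubygem-irb 1.2.6-129.el7
rh-ruby27-rubygem-rdoc 6.2.1-129.el7
EOF
}

# Reads "name version-release" lines on stdin and prints every package that
# is older than the fixed build. Versions are compared as runs of digits,
# a simplification of rpm's ordering (no epochs, letters ignored).
outdated_packages() {
  { fixed_builds; echo '--'; cat; } | awk '
    function numcmp(a, b,    x, y, n, m, i) {
      n = split(a, x, /[^0-9]+/); m = split(b, y, /[^0-9]+/)
      for (i = 1; i <= n || i <= m; i++) {
        if (x[i] + 0 < y[i] + 0) return -1
        if (x[i] + 0 > y[i] + 0) return 1
      }
      return 0
    }
    $1 == "--" { inventory = 1; next }      # marker between the two lists
    !inventory { want[$1] = $2; next }      # first list: fixed builds
    ($1 in want) && numcmp($2, want[$1]) < 0 { print $1, $2, "<", want[$1] }'
}

# Constructed sample inventory (not from a real host).
sample_inventory() {
cat <<'EOF'
rh-ruby27-ruby 2.7.1-122.el7
rh-ruby27-ruby-libs 2.7.3-129.el7
rh-ruby27-rubygems 3.1.2-122.el7
rh-ruby27-rubygem-json 2.3.0-122.el7
bash 4.2.46-34.el7
EOF
}

sample_inventory | outdated_packages
# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'rh-ruby27-*' | outdated_packages
```

The json line in the sample shows why the release field matters: the bundled gem keeps its upstream version, so only the release number separates an old build from the fixed one.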

