RHSA-2020:2769
Source: https://access.redhat.com/errata/RHSA-2020:2769
Import Source: https://security.access.redhat.com/data/osv/RHSA-2020:2769.json
JSON Data: https://api.osv.dev/v1/vulns/RHSA-2020:2769
Related: CVE-2018-16396, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325
Published: 2024-09-13T22:05:02Z
Modified: 2024-09-13T22:05:02Z
Severity: 7.2 (High), CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Red Hat Security Advisory: ruby security update
Details
References
https://access.redhat.com/errata/RHSA-2020:2769
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1643089
https://bugzilla.redhat.com/show_bug.cgi?id=1692514
https://bugzilla.redhat.com/show_bug.cgi?id=1692516
https://bugzilla.redhat.com/show_bug.cgi?id=1692519
https://bugzilla.redhat.com/show_bug.cgi?id=1692520
https://bugzilla.redhat.com/show_bug.cgi?id=1692522
https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_2769.json
https://access.redhat.com/security/cve/CVE-2018-16396
https://www.cve.org/CVERecord?id=CVE-2018-16396
https://nvd.nist.gov/vuln/detail/CVE-2018-16396
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
https://access.redhat.com/security/cve/CVE-2019-8321
https://www.cve.org/CVERecord?id=CVE-2019-8321
https://nvd.nist.gov/vuln/detail/CVE-2019-8321
https://access.redhat.com/security/cve/CVE-2019-8322
https://www.cve.org/CVERecord?id=CVE-2019-8322
https://nvd.nist.gov/vuln/detail/CVE-2019-8322
https://access.redhat.com/security/cve/CVE-2019-8323
https://www.cve.org/CVERecord?id=CVE-2019-8323
https://nvd.nist.gov/vuln/detail/CVE-2019-8323
https://access.redhat.com/security/cve/CVE-2019-8324
https://www.cve.org/CVERecord?id=CVE-2019-8324
https://nvd.nist.gov/vuln/detail/CVE-2019-8324
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
https://access.redhat.com/security/cve/CVE-2019-8325
https://www.cve.org/CVERecord?id=CVE-2019-8325
https://nvd.nist.gov/vuln/detail/CVE-2019-8325
Affected packages
Red Hat:rhel_aus:7.4::server
Affected range type: ECOSYSTEM. Introduced: 0 (Unknown introduced version / All previous versions are affected) for every package listed.

| Package | Purl | Fixed |
| --- | --- | --- |
| ruby | pkg:rpm/redhat/ruby | 0:2.0.0.648-37.el7_4 |
| ruby-debuginfo | pkg:rpm/redhat/ruby-debuginfo | 0:2.0.0.648-37.el7_4 |
| ruby-devel | pkg:rpm/redhat/ruby-devel | 0:2.0.0.648-37.el7_4 |
| ruby-doc | pkg:rpm/redhat/ruby-doc | 0:2.0.0.648-37.el7_4 |
| ruby-irb | pkg:rpm/redhat/ruby-irb | 0:2.0.0.648-37.el7_4 |
| ruby-libs | pkg:rpm/redhat/ruby-libs | 0:2.0.0.648-37.el7_4 |
| ruby-tcltk | pkg:rpm/redhat/ruby-tcltk | 0:2.0.0.648-37.el7_4 |
| rubygem-bigdecimal | pkg:rpm/redhat/rubygem-bigdecimal | 0:1.2.0-37.el7_4 |
| rubygem-io-console | pkg:rpm/redhat/rubygem-io-console | 0:0.4.2-37.el7_4 |
| rubygem-json | pkg:rpm/redhat/rubygem-json | 0:1.7.7-37.el7_4 |
| rubygem-minitest | pkg:rpm/redhat/rubygem-minitest | 0:4.3.2-37.el7_4 |
| rubygem-psych | pkg:rpm/redhat/rubygem-psych | 0:2.0.0-37.el7_4 |
| rubygem-rake | pkg:rpm/redhat/rubygem-rake | 0:0.9.6-37.el7_4 |
| rubygem-rdoc | pkg:rpm/redhat/rubygem-rdoc | 0:4.0.0-37.el7_4 |
| rubygems | pkg:rpm/redhat/rubygems | 0:2.0.14.1-37.el7_4 |
| rubygems-devel | pkg:rpm/redhat/rubygems-devel | 0:2.0.14.1-37.el7_4 |
Red Hat:rhel_e4s:7.4::server
Affected range type: ECOSYSTEM. Introduced: 0 (Unknown introduced version / All previous versions are affected) for every package listed.

| Package | Purl | Fixed |
| --- | --- | --- |
| ruby | pkg:rpm/redhat/ruby | 0:2.0.0.648-37.el7_4 |
| ruby-debuginfo | pkg:rpm/redhat/ruby-debuginfo | 0:2.0.0.648-37.el7_4 |
| ruby-devel | pkg:rpm/redhat/ruby-devel | 0:2.0.0.648-37.el7_4 |
| ruby-doc | pkg:rpm/redhat/ruby-doc | 0:2.0.0.648-37.el7_4 |
| ruby-irb | pkg:rpm/redhat/ruby-irb | 0:2.0.0.648-37.el7_4 |
| ruby-libs | pkg:rpm/redhat/ruby-libs | 0:2.0.0.648-37.el7_4 |
| ruby-tcltk | pkg:rpm/redhat/ruby-tcltk | 0:2.0.0.648-37.el7_4 |
| rubygem-bigdecimal | pkg:rpm/redhat/rubygem-bigdecimal | 0:1.2.0-37.el7_4 |
| rubygem-io-console | pkg:rpm/redhat/rubygem-io-console | 0:0.4.2-37.el7_4 |
| rubygem-json | pkg:rpm/redhat/rubygem-json | 0:1.7.7-37.el7_4 |
| rubygem-minitest | pkg:rpm/redhat/rubygem-minitest | 0:4.3.2-37.el7_4 |
| rubygem-psych | pkg:rpm/redhat/rubygem-psych | 0:2.0.0-37.el7_4 |
| rubygem-rake | pkg:rpm/redhat/rubygem-rake | 0:0.9.6-37.el7_4 |
| rubygem-rdoc | pkg:rpm/redhat/rubygem-rdoc | 0:4.0.0-37.el7_4 |
| rubygems | pkg:rpm/redhat/rubygems | 0:2.0.14.1-37.el7_4 |
| rubygems-devel | pkg:rpm/redhat/rubygems-devel | 0:2.0.14.1-37.el7_4 |
Red Hat:rhel_tus:7.4::server
Affected range type: ECOSYSTEM. Introduced: 0 (Unknown introduced version / All previous versions are affected) for every package listed.

| Package | Purl | Fixed |
| --- | --- | --- |
| ruby | pkg:rpm/redhat/ruby | 0:2.0.0.648-37.el7_4 |
| ruby-debuginfo | pkg:rpm/redhat/ruby-debuginfo | 0:2.0.0.648-37.el7_4 |
| ruby-devel | pkg:rpm/redhat/ruby-devel | 0:2.0.0.648-37.el7_4 |
| ruby-doc | pkg:rpm/redhat/ruby-doc | 0:2.0.0.648-37.el7_4 |
| ruby-irb | pkg:rpm/redhat/ruby-irb | 0:2.0.0.648-37.el7_4 |
| ruby-libs | pkg:rpm/redhat/ruby-libs | 0:2.0.0.648-37.el7_4 |
| ruby-tcltk | pkg:rpm/redhat/ruby-tcltk | 0:2.0.0.648-37.el7_4 |
| rubygem-bigdecimal | pkg:rpm/redhat/rubygem-bigdecimal | 0:1.2.0-37.el7_4 |
| rubygem-io-console | pkg:rpm/redhat/rubygem-io-console | 0:0.4.2-37.el7_4 |
| rubygem-json | pkg:rpm/redhat/rubygem-json | 0:1.7.7-37.el7_4 |
| rubygem-minitest | pkg:rpm/redhat/rubygem-minitest | 0:4.3.2-37.el7_4 |
| rubygem-psych | pkg:rpm/redhat/rubygem-psych | 0:2.0.0-37.el7_4 |
| rubygem-rake | pkg:rpm/redhat/rubygem-rake | 0:0.9.6-37.el7_4 |
| rubygem-rdoc | pkg:rpm/redhat/rubygem-rdoc | 0:4.0.0-37.el7_4 |
| rubygems | pkg:rpm/redhat/rubygems | 0:2.0.14.1-37.el7_4 |
| rubygems-devel | pkg:rpm/redhat/rubygems-devel | 0:2.0.14.1-37.el7_4 |