RLSA-2022:0543

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:0543.json

Related

• CVE-2020-36327
• CVE-2021-31799
• CVE-2021-31810
• CVE-2021-32066
• CVE-2021-41817
• CVE-2021-41819

Published

2022-02-16T08:26:13Z

Modified

2023-02-02T13:35:15.239050Z

Details

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

• rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)

• rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)

• ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)

• ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)

• ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)

• ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

• https://errata.rockylinux.org/RLSA-2022:0543
• https://bugzilla.redhat.com/show_bug.cgi?id=1958999
• https://bugzilla.redhat.com/show_bug.cgi?id=1980126
• https://bugzilla.redhat.com/show_bug.cgi?id=1980128
• https://bugzilla.redhat.com/show_bug.cgi?id=1980132
• https://bugzilla.redhat.com/show_bug.cgi?id=2025104
• https://bugzilla.redhat.com/show_bug.cgi?id=2026757