{"schema_version": "1.3.1", "id": "RLSA-2022:0543", "modified": "2023-02-02T13:35:15.239050Z", "published": "2022-02-16T08:26:13Z", "related": ["CVE-2020-36327", "CVE-2021-31799", "CVE-2021-31810", "CVE-2021-32066", "CVE-2021-41817", "CVE-2021-41819"], "summary": "Important: ruby:2.6 security update", "details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)\n\n* rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)\n\n* ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)\n\n* ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)\n\n* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)\n\n* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "ruby", "purl": "pkg:rpm/rocky-linux/ruby?distro=rocky-linux-8-5-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.6.9-108.module+el8.5.0+738+032c9c02"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-abrt", "purl": "pkg:rpm/rocky-linux/rubygem-abrt?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.3.0-4.module+el8.5.0+738+032c9c02"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-abrt", "purl": "pkg:rpm/rocky-linux/rubygem-abrt?distro=rocky-linux-8-4-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.3.0-4.module+el8.3.0+167+5c390590"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-abrt", "purl": "pkg:rpm/rocky-linux/rubygem-abrt?distro=rocky-linux-8-5-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.3.0-4.module+el8.4.0+592+03ff458a"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-bson", "purl": "pkg:rpm/rocky-linux/rubygem-bson?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.5.0-1.module+el8.4.0+593+8d7f9f0c"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-bson", "purl": "pkg:rpm/rocky-linux/rubygem-bson?distro=rocky-linux-8-4-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.5.0-1.module+el8.4.0+446+80b53620"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-mongo", "purl": "pkg:rpm/rocky-linux/rubygem-mongo?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.8.0-1.module+el8.4.0+593+8d7f9f0c"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-mongo", "purl": "pkg:rpm/rocky-linux/rubygem-mongo?distro=rocky-linux-8-4-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.8.0-1.module+el8.4.0+446+80b53620"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-mysql2", "purl": "pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.5.2-1.module+el8.5.0+738+032c9c02"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-mysql2", "purl": "pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-8-4-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.5.2-1.module+el8.4.0+446+80b53620"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-mysql2", "purl": "pkg:rpm/rocky-linux/rubygem-mysql2?distro=rocky-linux-8-5-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.5.2-1.module+el8.4.0+593+8d7f9f0c"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-pg", "purl": "pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.1.4-1.module+el8.5.0+738+032c9c02"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-pg", "purl": "pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-8-4-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.1.4-1.module+el8.4.0+446+80b53620"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "rubygem-pg", "purl": "pkg:rpm/rocky-linux/rubygem-pg?distro=rocky-linux-8-5-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.1.4-1.module+el8.4.0+593+8d7f9f0c"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2022:0543"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958999"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980126"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980128"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980132"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025104"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026757"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}