ESB-2019.1674

Operating System:
[RedHat]
Published:
14 May 2019
Protect yourself against future threats.
//Service

Phishing Take-Down

Drawing on our strong international CERT relationships we have a high success rate in delivering phishing take-downs.
Resources > Security Bulletins > ESB-2019.1674
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1674
          Important: rh-ror50-rubygem-actionpack security update
                                14 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ruby on rails
                   ruby
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Delete Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-8325 CVE-2019-8324 CVE-2019-8323
                   CVE-2019-8322 CVE-2019-8321 CVE-2019-8320
                   CVE-2019-5419 CVE-2019-5418 

Reference:         ESB-2019.1314
                   ESB-2019.1202
                   ESB-2019.0821
                   ESB-2019.0678

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2019:1147
   https://access.redhat.com/errata/RHSA-2019:1148
   https://access.redhat.com/errata/RHSA-2019:1149
   https://access.redhat.com/errata/RHSA-2019:1150
   https://access.redhat.com/errata/RHSA-2019:1151

Comment: This bulletin contains five (5) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ror50-rubygem-actionpack security update
Advisory ID:       RHSA-2019:1147-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1147
Issue date:        2019-05-13
CVE Names:         CVE-2019-5418 CVE-2019-5419 
=====================================================================

1. Summary:

An update for rh-ror50-rubygem-actionpack is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the view
components.

Security Fix(es):

* rubygem-actionpack: render file directory traversal in Action View
(CVE-2019-5418)

* rubygem-actionpack: denial of service vulnerability in Action View
(CVE-2019-5419)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1689159 - CVE-2019-5418 rubygem-actionpack: render file directory traversal in Action View
1689160 - CVE-2019-5419 rubygem-actionpack: denial of service vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5418
https://access.redhat.com/security/cve/CVE-2019-5419
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXNkw5dzjgjWX9erEAQhiHBAAiUDdS68e/pkQQ4YDneLBLdLOmZaoPZqa
E8BkpklNIsYBx3x6PUiky9PDkdd8dkHO9f4I1dl55irKlqrg1hKJUBMsm2LMHUTf
o7/QXoHIRF8HP995GBNmpChGAbE9CtZI8VNbZh6kgNmpeCAYRwoBI7e6TSmJ6aUj
LzZpw3dvy8cUNkuBJiV/4ZDe+a0s/X0BS91OlCQ7J8DeXyNlFddTNT2ic9nwmmLy
ajvvexoSr1tVaMAeeotfuGYxFOUVAzuVgH5fIi5NwpHQn86alyqjYr+e1XQsLOGH
Gf7Njb5+aenqjzXXjrUoplUJEMCD885mdECTsM3WwFRaVBt+F5LuO+EBN034nWp9
r8EYxWO0+f9IDTUV7ndCDpmCz4EnfBL7IR2EwzXtXKyBQdoBrEXZW//gf/o+0xMg
7U+omBp4JuC6lNwlhQY2ieCY8Aq/DttP6M1tDh0kT7uQNIk9Fmz0qVH9aTkRS6T3
+/3qglkQN58WY2woQoU5hetcjdGf8kCpHuzj57PbgHq7lJuUH5jEC8CJOTuD1tw+
0CtYU41Yw5SI5//54DKU/eSK0bAzHlgTAWmhxJsiSkQnWJHiw2+tt0ELNCxh/LxR
UK1JPY++4jWQCp8iGioEmDAcSSRKYBb1O59OwH5weQ7/IwCzDLu2qnWLIPdxbLQI
p60qNG9Boyk=
=Vfif
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby25-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:1148-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1148
Issue date:        2019-05-13
CVE Names:         CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 
                   CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 
=====================================================================

1. Summary:

An update for rh-ruby25-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby25-ruby (2.5.5). (BZ#1700274)

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution
(CVE-2019-8324)

* rubygems: Delete directory using symlink when decompressing tar
(CVE-2019-8320)

* rubygems: Escape sequence injection vulnerability in verbose
(CVE-2019-8321)

* rubygems: Escape sequence injection vulnerability in gem owner
(CVE-2019-8322)

* rubygems: Escape sequence injection vulnerability in API response
handling (CVE-2019-8323)

* rubygems: Escape sequence injection vulnerability in errors
(CVE-2019-8325)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1692512 - CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar
1692514 - CVE-2019-8321 rubygems: Escape sequence injection vulnerability in verbose
1692516 - CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
1692519 - CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution
1692522 - CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
1700274 - Rebase to the latest Ruby 2.5 point release [3.2.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

aarch64:
rh-ruby25-ruby-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.aarch64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.aarch64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.aarch64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.aarch64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.aarch64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.aarch64.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

aarch64:
rh-ruby25-ruby-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.aarch64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.aarch64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.aarch64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.aarch64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.aarch64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.aarch64.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8320
https://access.redhat.com/security/cve/CVE-2019-8321
https://access.redhat.com/security/cve/CVE-2019-8322
https://access.redhat.com/security/cve/CVE-2019-8323
https://access.redhat.com/security/cve/CVE-2019-8324
https://access.redhat.com/security/cve/CVE-2019-8325
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXNky2dzjgjWX9erEAQjM6Q/+L9XVFVe18BoLRP6NdFsmgo9w8LsBKt5i
ptWBi+wKgNpaTTf8/AyW/1aV6BkGAYaRMgL29ltOnI00hd4szq6yUcMbsUg6lIRq
0zkLay88S8ZxON5f4Qy+dP3IhfjVQ4X8B5UCJgDv4riGw77M0RPF6cu73aSdcmXR
TYxKFw/NBK5l9nHb86qALj6x7qMI+1GWMbY4xo1z5erwWDRJCla/kbg3SqwM04F5
8S+VkDK8I30KVYF2lglNWjlCcct0XIqxbRWMG0ONuWpzecLq7TLmxPDOGRwiNhoJ
kbwNEOYsDntF09whfCDm+aylYygcF0DullrWa6JIDZLWmkEsd1yXbIddRL5DEOLy
QK8mnJvTz8vvysxpkcxjfcTxzroga14XR9r0cO1e7EwPTlL7LiGMMvB5v+qSxRV4
Vt4N578HbFzqg9c29F9z5CZV9xseKSa00Te2pT2wBUg6xXNnrCcda9CDhNN4PDMx
VOTTAcYXCkCWj1Row6CIda1CsD8BkbZxmPONxWREcTmoYNl8sQLNEbf0r3SpaSlo
STMG2SUxb6+jNaYSn8KXwvUhG9jsBBYwKnZM8bRzQu5/nLhPwr8+ftjIfafTsXdQ
LC9k9OFsBGnu7wi9I46O8/UADwoWWPBL8vsPMlcQnh2UMi+m41RHpFOmND3msP3g
fqP5UZxEQFM=
=Jkbr
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ror42-rubygem-actionpack security update
Advisory ID:       RHSA-2019:1149-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1149
Issue date:        2019-05-13
CVE Names:         CVE-2019-5418 CVE-2019-5419 
=====================================================================

1. Summary:

An update for rh-ror42-rubygem-actionpack is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the view
components.

Security Fix(es):

* rubygem-actionpack: render file directory traversal in Action View
(CVE-2019-5418)

* rubygem-actionpack: denial of service vulnerability in Action View
(CVE-2019-5419)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1689159 - CVE-2019-5418 rubygem-actionpack: render file directory traversal in Action View
1689160 - CVE-2019-5419 rubygem-actionpack: denial of service vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5418
https://access.redhat.com/security/cve/CVE-2019-5419
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXNk07tzjgjWX9erEAQhj1w//aulVMmMn0apAh250f4WnxwMtgdPx5UvE
uGBrzi9t6+saudgkx/7uj8YOqA4tmmXAVP+/CaLb6FuQNBkEWe8IVXqAed9yCl16
RBaU6OdRQfUQxIqy2Xw3eWSDK0TCfhFhBgYusbbrGfpHUfxxT5hfaNrh2D5YXZx2
5MNmr7uzRZcMKprLYXTagSgZgJvMBBmGIASGUoSQPISl3FNqutWMQ/TuL0hXgQaH
nx5orb2G454ysQLJgkGV3th69Emv284q8WFqL/ccE7scaQtNSIrhxCULvg07bMyb
U9AvMOWf/MwaznYCO30pe6aI6GD18R+nuxzAdqrla0TKCJlJI/aTdX9Aavk+UZmj
RS4+PW6oSy6cTpRVxPBxe4QKzhhALL8KkFW3ser8rs1+EA1YEEkEssv+/KgmFUiK
vJX/j5XRTdFklU9nKPeCoIZKwNm2/cfSGrTuy9f2sr4WJWDGaH+9Wfrncm374P6B
xPmwGdSADgUjQHafEn+rN+NjqXWoSa0I+DVx1+gfoIMsS+AxvL1njWKclpiFFozj
nm4x6M14q985lD0B31w0XBAx4geIBr0Xhl7nh6fKb3kDqtXWbDxWV6o+z87y5ETx
VqbXQJx+zK2wyclIPVVELv3gziUVqov98rZrz8TCN3sz9z0g9Gh514auynEcdb+l
6GCYfc0/+v4=
=0u2F
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby24-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:1150-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1150
Issue date:        2019-05-13
CVE Names:         CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 
                   CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 
=====================================================================

1. Summary:

An update for rh-ruby24-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby24-ruby (2.4.6). (BZ#1700275)

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution
(CVE-2019-8324)

* rubygems: Delete directory using symlink when decompressing tar
(CVE-2019-8320)

* rubygems: Escape sequence injection vulnerability in verbose
(CVE-2019-8321)

* rubygems: Escape sequence injection vulnerability in gem owner
(CVE-2019-8322)

* rubygems: Escape sequence injection vulnerability in API response
handling (CVE-2019-8323)

* rubygems: Escape sequence injection vulnerability in errors
(CVE-2019-8325)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1692512 - CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar
1692514 - CVE-2019-8321 rubygems: Escape sequence injection vulnerability in verbose
1692516 - CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
1692519 - CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution
1692522 - CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
1700275 - Rebase to the latest Ruby 2.4 point release [3.2.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby24-ruby-2.4.6-92.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby24-ruby-2.4.6-92.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby24-ruby-2.4.6-92.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby24-ruby-2.4.6-92.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ruby24-ruby-2.4.6-92.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ruby24-ruby-2.4.6-92.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby24-ruby-2.4.6-92.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8320
https://access.redhat.com/security/cve/CVE-2019-8321
https://access.redhat.com/security/cve/CVE-2019-8322
https://access.redhat.com/security/cve/CVE-2019-8323
https://access.redhat.com/security/cve/CVE-2019-8324
https://access.redhat.com/security/cve/CVE-2019-8325
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXNk2ytzjgjWX9erEAQge8g/+PVFBKwqDHVMTTl71F/57/KGeEdtsanle
srYZ6Y3OPBBxgHo1bAsDO38drnH/NsNfTpwq5TeI7Hw8YJ3M9uuVjTFN3RuDeS2L
34WEE7oP+NabX1QBS0Z40LSp1Bzitxmbc9B031+CQNkiaXrgYa/ysK7lYDpbD+jT
rwsNQ2WMnS8BcCnA7t6/neJ55yzfFYGJ3QULiF1O/PA/OMJFy+K7GUHooiK231mF
cns6wrbC9cRISTLvDuzv0EPwY89Wsg5lbfllMEl4FnIxcvQ9zz9UyaQeT8zUQk9w
B6rYNf+mvweQ7P5s2Fa2H90BN/sZJQLi46MRZ0QSdEnwL51wPM9/awXkFnSzGG86
LoBhj1BdhpJ+qhsRkdELbXtciti+ybmY2oWJgvlqf7dqjYfxf6erfCR9X8eBJG50
kqAUUfRcaURbc4U4HC3PBGtqkyBeC6GpxkrAp4uaXASh9ZadlnNwa6iJ/5hu5wbF
KjhoaEjjqEoTAd3Im/Lv+VPI93YkQror59mqeTkZqFt8+4VyyR2pNjRxAcg7fZqI
/g/0s30QfhZ9ZBeXGa5tA0u303tEZU1PG5QZP8Atl1QrvvCdtXf/ePoMq2KJYAtP
TNhXEOrEWhI+7UJL3N2I3sMrEtrTUadBjNkmQs53PKYyjCDMXT8EndjWqPPqo5ho
s5xnZamp1Z8=
=UHPv
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby23-ruby security update
Advisory ID:       RHSA-2019:1151-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1151
Issue date:        2019-05-13
CVE Names:         CVE-2019-8324 
=====================================================================

1. Summary:

An update for rh-ruby23-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution
(CVE-2019-8324)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby23-ruby-2.3.8-70.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby23-ruby-2.3.8-70.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8324
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXNk3uNzjgjWX9erEAQjgOQ//VlbUEjZvvA34285+uiYA/nr/hwHy2DRI
zoZ9rHLCEG8ir+fGChKRfQ5G368KGLanzJOCbOuUAlTETiYprMPytOmDpz9y0CvJ
rbVJJmgieaYdaxocTrIi5TP2aBrDKa4lS66/u0s5TIMKWkyXzEBFfuX6BqPebnGO
HM6Em/jhG86yDQD0VDpsI0RUBpmTO9fvBYA6DqPpJwA6U/ak739LdkwZvKQadscU
bi5sIp7OofxSvw5sinJ/ZE8u7x/jACuNEyfm9rgqr71vuMLJlfoBxvDxwoKC0oXh
WqwUP0DGhj8xcDGil6Bv2AIqX3/d4co+bQn7nNrkNwGx1HlAPckdooJL3cqJA2ST
0vCTERdfQPzhIY28c8EXLZc4Yt9hXE8zLUBift3MZux3JVXAH/IWuKiXOS1QSnYS
9jco8/uLFsWmQMa/Ppi8P2Y03AgjlTGTwlBYlhMD1/iw69tuY3ZKMFq3IwvPZ+6H
v40xSbhEjZnA0m2Y7sPuXSATghlzju2sHqVjHZNw1z11KeyMaDpse3dN5Dwd4SH+
sE5w0QOZMSR1NlFhVaIzj1zCa4WckgFR3fe/TTwhyUjGt3oX0UWdyXSX6BzcR+Gb
73qkOEa0OEKpkg4mztq/IU9kR6UKXcrhTiPk+a0D16gFPXutc2qqwpux1M8kMKpI
Qu1uqW4aSxI=
=jZ92
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXNoSE2aOgq3Tt24GAQj7XQ/+OahmXwynBamYVn7fV4SUHCKAy23JMhF7
Z54OEiegMf5BuYpcCzC7klYzNzjur6GJqD74JpfUFl1TYJP2snOikFNlgb7FM6lf
h5P/+EL/erHZMkdIWDpA46SLu0O+7vb4T/XqQRj1uC8jyXzIk0lRYoq6c70vqAl6
0mqIcrlH9oCpdeaKfCzgZzykOn+M8iKRnowe6QT+j/7qyYpe0kvljtAPK76h0zuU
TpSmxMO4Rqgq/RpddertFU+ZI5ImWiqo68I+tqhnG/Tng9ogyTrVYJkkiwSCoRSJ
fIoffOXY1lMmZef3prBNtrmHxmWf4xa00rZ9d4jIXfHDEqFSh8COipVUSjTRQZMp
AAlKcMVgdZKdlTeoXra4DuWO+yRmB2BpyBJXc9b0StceLKNrVYppDQD4Hys0gzXP
Oc9wEbQOMhRje7DPIOIL05gi/VpZ129M+z0F5isWAjPrbXesYAiT7dPZ3QOo2JgQ
l60ccvQoIxa+iQdEQ9jvEldn7wSodcRNfj/K0EcJD3MJhQp+N8zR3yYDREuUdedo
X+1M1qv09a5694TKOOhoBv0fqhgNiK4pbuWC6bJ17DEk1Qq8/CCbIURiEMs9P2mC
eZVw1gO8xKAlUOadIGEBPKGYGnwt9O/pBvPv4rodvn+lmDJDEKeZ4lfTsZyx7OzU
2JziyXKbhWE=
=/Ij2
-----END PGP SIGNATURE-----