===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.1674
Important: rh-ror50-rubygem-actionpack security update
14 May 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           ruby on rails
                   ruby
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Delete Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-8325 CVE-2019-8324 CVE-2019-8323
                   CVE-2019-8322 CVE-2019-8321 CVE-2019-8320
                   CVE-2019-5419 CVE-2019-5418
Reference:         ESB-2019.1314
                   ESB-2019.1202
                   ESB-2019.0821
                   ESB-2019.0678

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2019:1147
   https://access.redhat.com/errata/RHSA-2019:1148
   https://access.redhat.com/errata/RHSA-2019:1149
   https://access.redhat.com/errata/RHSA-2019:1150
   https://access.redhat.com/errata/RHSA-2019:1151

Comment: This bulletin contains five (5) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: rh-ror50-rubygem-actionpack security update
Advisory ID:       RHSA-2019:1147-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1147
Issue date:        2019-05-13
CVE Names:         CVE-2019-5418 CVE-2019-5419
=====================================================================

1. Summary:

An update for rh-ror50-rubygem-actionpack is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.

Security Fix(es):

* rubygem-actionpack: render file directory traversal in Action View
  (CVE-2019-5418)

* rubygem-actionpack: denial of service vulnerability in Action View
  (CVE-2019-5419)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to the
CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1689159 - CVE-2019-5418 rubygem-actionpack: render file directory traversal in Action View
1689160 - CVE-2019-5419 rubygem-actionpack: denial of service vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el6.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.src.rpm

noarch:
rh-ror50-rubygem-actionpack-5.0.1-2.el7.noarch.rpm
rh-ror50-rubygem-actionpack-doc-5.0.1-2.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5418
https://access.redhat.com/security/cve/CVE-2019-5419
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

-------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: rh-ruby25-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:1148-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1148
Issue date:        2019-05-13
CVE Names:         CVE-2019-8320 CVE-2019-8321 CVE-2019-8322
                   CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
=====================================================================

1. Summary:

An update for rh-ruby25-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security
impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the
CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby25-ruby (2.5.5). (BZ#1700274)

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code
  execution (CVE-2019-8324)

* rubygems: Delete directory using symlink when decompressing tar
  (CVE-2019-8320)

* rubygems: Escape sequence injection vulnerability in verbose
  (CVE-2019-8321)

* rubygems: Escape sequence injection vulnerability in gem owner
  (CVE-2019-8322)

* rubygems: Escape sequence injection vulnerability in API response
  handling (CVE-2019-8323)

* rubygems: Escape sequence injection vulnerability in errors
  (CVE-2019-8325)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to the
CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1692512 - CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar
1692514 - CVE-2019-8321 rubygems: Escape sequence injection vulnerability in verbose
1692516 - CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
1692519 - CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution
1692522 - CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
1700274 - Rebase to the latest Ruby 2.5 point release [3.2.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

aarch64:
rh-ruby25-ruby-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.aarch64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.aarch64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.aarch64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.aarch64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.aarch64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.aarch64.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

aarch64:
rh-ruby25-ruby-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.aarch64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.aarch64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.aarch64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.aarch64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.aarch64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.aarch64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.aarch64.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

ppc64le:
rh-ruby25-ruby-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.ppc64le.rpm

s390x:
rh-ruby25-ruby-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.s390x.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby25-ruby-2.5.5-7.el7.src.rpm

noarch:
rh-ruby25-ruby-doc-2.5.5-7.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.5-7.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-7.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-7.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.0-7.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1-7.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-7.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.2-7.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.2-7.el7.noarch.rpm

x86_64:
rh-ruby25-ruby-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.5-7.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.5-7.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-7.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-7.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-7.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8320
https://access.redhat.com/security/cve/CVE-2019-8321
https://access.redhat.com/security/cve/CVE-2019-8322
https://access.redhat.com/security/cve/CVE-2019-8323
https://access.redhat.com/security/cve/CVE-2019-8324
https://access.redhat.com/security/cve/CVE-2019-8325
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

-------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: rh-ror42-rubygem-actionpack security update
Advisory ID:       RHSA-2019:1149-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1149
Issue date:        2019-05-13
CVE Names:         CVE-2019-5418 CVE-2019-5419
=====================================================================

1. Summary:

An update for rh-ror42-rubygem-actionpack is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the
view components.

Security Fix(es):

* rubygem-actionpack: render file directory traversal in Action View
  (CVE-2019-5418)

* rubygem-actionpack: denial of service vulnerability in Action View
  (CVE-2019-5419)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to the
CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1689159 - CVE-2019-5418 rubygem-actionpack: render file directory traversal in Action View
1689160 - CVE-2019-5419 rubygem-actionpack: denial of service vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el6.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-5.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-5.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5418
https://access.redhat.com/security/cve/CVE-2019-5419
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

-------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: rh-ruby24-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:1150-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1150
Issue date:        2019-05-13
CVE Names:         CVE-2019-8320 CVE-2019-8321 CVE-2019-8322
                   CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
=====================================================================

1. Summary:

An update for rh-ruby24-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby24-ruby (2.4.6). (BZ#1700275)

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code
  execution (CVE-2019-8324)

* rubygems: Delete directory using symlink when decompressing tar
  (CVE-2019-8320)

* rubygems: Escape sequence injection vulnerability in verbose
  (CVE-2019-8321)

* rubygems: Escape sequence injection vulnerability in gem owner
  (CVE-2019-8322)

* rubygems: Escape sequence injection vulnerability in API response
  handling (CVE-2019-8323)

* rubygems: Escape sequence injection vulnerability in errors
  (CVE-2019-8325)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to the
CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1692512 - CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar
1692514 - CVE-2019-8321 rubygems: Escape sequence injection vulnerability in verbose
1692516 - CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner
1692519 - CVE-2019-8323 rubygems: Escape sequence injection vulnerability in API response handling
1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution
1692522 - CVE-2019-8325 rubygems: Escape sequence injection vulnerability in errors
1700275 - Rebase to the latest Ruby 2.4 point release [3.2.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby24-ruby-2.4.6-92.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby24-ruby-2.4.6-92.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby24-ruby-2.4.6-92.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.4): Source: rh-ruby24-ruby-2.4.6-92.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5): Source: rh-ruby24-ruby-2.4.6-92.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6): Source: rh-ruby24-ruby-2.4.6-92.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-ruby24-ruby-2.4.6-92.el7.src.rpm noarch: rh-ruby24-ruby-doc-2.4.6-92.el7.noarch.rpm rh-ruby24-ruby-irb-2.4.6-92.el7.noarch.rpm rh-ruby24-rubygem-minitest-5.10.1-92.el7.noarch.rpm rh-ruby24-rubygem-power_assert-0.4.1-92.el7.noarch.rpm rh-ruby24-rubygem-rake-12.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-rdoc-5.0.0-92.el7.noarch.rpm rh-ruby24-rubygem-test-unit-3.2.3-92.el7.noarch.rpm rh-ruby24-rubygem-xmlrpc-0.2.1-92.el7.noarch.rpm rh-ruby24-rubygems-2.6.14.4-92.el7.noarch.rpm rh-ruby24-rubygems-devel-2.6.14.4-92.el7.noarch.rpm x86_64: rh-ruby24-ruby-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-debuginfo-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-devel-2.4.6-92.el7.x86_64.rpm rh-ruby24-ruby-libs-2.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-bigdecimal-1.3.2-92.el7.x86_64.rpm rh-ruby24-rubygem-did_you_mean-1.1.0-92.el7.x86_64.rpm rh-ruby24-rubygem-io-console-0.4.6-92.el7.x86_64.rpm rh-ruby24-rubygem-json-2.0.4-92.el7.x86_64.rpm rh-ruby24-rubygem-net-telnet-0.1.1-92.el7.x86_64.rpm rh-ruby24-rubygem-openssl-2.0.9-92.el7.x86_64.rpm rh-ruby24-rubygem-psych-2.2.2-92.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-8320 https://access.redhat.com/security/cve/CVE-2019-8321 https://access.redhat.com/security/cve/CVE-2019-8322 https://access.redhat.com/security/cve/CVE-2019-8323 https://access.redhat.com/security/cve/CVE-2019-8324 https://access.redhat.com/security/cve/CVE-2019-8325 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
- -------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ruby23-ruby security update
Advisory ID:       RHSA-2019:1151-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1151
Issue date:        2019-05-13
CVE Names:         CVE-2019-8324
=====================================================================

1. Summary:

An update for rh-ruby23-ruby is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1692520 - CVE-2019-8324 rubygems: Installing a malicious gem may lead to arbitrary code execution

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby23-ruby-2.3.8-70.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby23-ruby-2.3.8-70.el6.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el6.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el6.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el6.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el6.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el6.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el6.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el6.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el6.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el6.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el6.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el6.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el6.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el6.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el6.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby23-ruby-2.3.8-70.el7.src.rpm

noarch:
rh-ruby23-ruby-doc-2.3.8-70.el7.noarch.rpm
rh-ruby23-ruby-irb-2.3.8-70.el7.noarch.rpm
rh-ruby23-rubygem-minitest-5.8.5-70.el7.noarch.rpm
rh-ruby23-rubygem-power_assert-0.2.6-70.el7.noarch.rpm
rh-ruby23-rubygem-rake-10.4.2-70.el7.noarch.rpm
rh-ruby23-rubygem-rdoc-4.2.1-70.el7.noarch.rpm
rh-ruby23-rubygem-test-unit-3.1.5-70.el7.noarch.rpm
rh-ruby23-rubygems-2.5.2.3-70.el7.noarch.rpm
rh-ruby23-rubygems-devel-2.5.2.3-70.el7.noarch.rpm

x86_64:
rh-ruby23-ruby-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-debuginfo-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-devel-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64.rpm
rh-ruby23-ruby-tcltk-2.3.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-bigdecimal-1.2.8-70.el7.x86_64.rpm
rh-ruby23-rubygem-did_you_mean-1.0.0-70.el7.x86_64.rpm
rh-ruby23-rubygem-io-console-0.4.5-70.el7.x86_64.rpm
rh-ruby23-rubygem-json-1.8.3.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-net-telnet-0.1.1-70.el7.x86_64.rpm
rh-ruby23-rubygem-psych-2.1.0.1-70.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8324
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================