===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6133
                            Ruby 2.7.7 Released
                             25 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Ruby
Publisher:         Ruby
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33621  

Original Bulletin: 
   https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/

Comment: CVSS (Max):  8.8 CVE-2021-33621 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Ruby 2.7.7 Released

Posted by usa on 24 Nov 2022

Ruby 2.7.7 has been released.

This release includes a security fix. Please check the topics below for
details.

  o CVE-2021-33621: HTTP response splitting in CGI

This release also includes some build problem fixes. They are not considered to
affect compatibility with previous versions. See the commit logs for further
details.

Download

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.tar.bz2

    SIZE: 14850886
    SHA1: dfcd86b459a9d4bbdf2d4eb82ad3476cb9820892
    SHA256: cf800820c9e69cdd31a8cdab920391f74ed935db2397a905afabd48961913658
    SHA512: 24cc772ac1b56d3bb423f1b33716f221bf534f3717a506bf8235a698f8a454db7d79d94ae9a84067153c2f737b3f8f6085f34e36cc04be0d75ae2fdd57718870

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.tar.gz

    SIZE: 16947579
    SHA1: a038ab04e9d6dff7f9e7187b65497b29d4400597
    SHA256: e10127db691d7ff36402cfe88f418c8d025a3f1eea92044b162dd72f0b8c7b90
    SHA512: 7e6259f0e7a5687d12fded914dcb93e283e956022be40ef8fc6a27f66be14e057d8101b05c7b042b43fc24e3b5c4092d1675917a814d74b08adb63a3388baed2

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.tar.xz

    SIZE: 12101804
    SHA1: 28e2b97728bf89f64a1b787821660d5412657057
    SHA256: b38dff2e1f8ce6e5b7d433f8758752987a6b2adfd9bc7571dbc42ea5d04e3e4c
    SHA512: a19be3f0dfce040fe79f439e606f179d6750d2cc6e7b64fd65933edd487f5995573f7d0730beec9d3edadf942f8e9216f01ab3fff189d6cbe9d46a9add3e2683

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.zip

    SIZE: 20730295
    SHA1: bf41b294f428a4f8a38894f8fa613dd6f889c317
    SHA256: 7b48a8411bb79a06e9edbbb7380bd82527697b7d8f62840b985111003317bae0
    SHA512: 90dabc0fcedc25e3e46d5e9f2dff01c56e142c2e71b95c4c5f4da056f1e47cb320ef8b949282fd9594869e91cd76eab27ad70061be6c26b0d0d8837ae0fb8309

Release Comment

Many committers, developers, and users who provided bug reports helped us make
this release. Thanks for their contributions.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================