-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.6133
Ruby 2.7.7 Released
25 November 2022

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Ruby
Publisher:         Ruby
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33621

Original Bulletin:
   https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/

Comment: CVSS (Max):  8.8 CVE-2021-33621 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Ruby 2.7.7 Released

Posted by usa on 24 Nov 2022

Ruby 2.7.7 has been released.

This release includes a security fix. Please check the topics below for
details.

  o CVE-2021-33621: HTTP response splitting in CGI

This release also includes some build problem fixes. They are not considered
to affect compatibility with previous versions. See the commit logs for
further details.

Download

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.tar.bz2

    SIZE: 14850886
    SHA1: dfcd86b459a9d4bbdf2d4eb82ad3476cb9820892
    SHA256: cf800820c9e69cdd31a8cdab920391f74ed935db2397a905afabd48961913658
    SHA512: 24cc772ac1b56d3bb423f1b33716f221bf534f3717a506bf8235a698f8a454db7d79d94ae9a84067153c2f737b3f8f6085f34e36cc04be0d75ae2fdd57718870

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.tar.gz

    SIZE: 16947579
    SHA1: a038ab04e9d6dff7f9e7187b65497b29d4400597
    SHA256: e10127db691d7ff36402cfe88f418c8d025a3f1eea92044b162dd72f0b8c7b90
    SHA512: 7e6259f0e7a5687d12fded914dcb93e283e956022be40ef8fc6a27f66be14e057d8101b05c7b042b43fc24e3b5c4092d1675917a814d74b08adb63a3388baed2

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.tar.xz

    SIZE: 12101804
    SHA1: 28e2b97728bf89f64a1b787821660d5412657057
    SHA256: b38dff2e1f8ce6e5b7d433f8758752987a6b2adfd9bc7571dbc42ea5d04e3e4c
    SHA512: a19be3f0dfce040fe79f439e606f179d6750d2cc6e7b64fd65933edd487f5995573f7d0730beec9d3edadf942f8e9216f01ab3fff189d6cbe9d46a9add3e2683

  o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.7.zip

    SIZE: 20730295
    SHA1: bf41b294f428a4f8a38894f8fa613dd6f889c317
    SHA256: 7b48a8411bb79a06e9edbbb7380bd82527697b7d8f62840b985111003317bae0
    SHA512: 90dabc0fcedc25e3e46d5e9f2dff01c56e142c2e71b95c4c5f4da056f1e47cb320ef8b949282fd9594869e91cd76eab27ad70061be6c26b0d0d8837ae0fb8309

Release Comment

Many committers, developers, and users who provided bug reports helped us make
this release. Thanks for their contributions.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----