Important: ruby:2.5 security update

2019-07-3011:16:25

errata.almalinux.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.5%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchrubygem-abrt-doc< 0.3.0-4.module_el8.5.0+2623+08a8ba32rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm
almalinux8aarch64rubygem-bson< 4.3.0-2.module_el8.5.0+2625+ec418553rubygem-bson-4.3.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm
almalinux8noarchrubygem-pg-doc< 1.0.0-2.module_el8.5.0+2625+ec418553rubygem-pg-doc-1.0.0-2.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux8noarchrubygem-bson-doc< 4.3.0-2.module_el8.5.0+2625+ec418553rubygem-bson-doc-4.3.0-2.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux8noarchrubygem-mysql2-doc< 0.4.10-4.module_el8.5.0+2625+ec418553rubygem-mysql2-doc-0.4.10-4.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux8aarch64rubygem-pg< 1.0.0-2.module_el8.5.0+2625+ec418553rubygem-pg-1.0.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm
almalinux8noarchrubygem-mongo-doc< 2.5.1-2.module_el8.5.0+2625+ec418553rubygem-mongo-doc-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux8aarch64rubygem-mysql2< 0.4.10-4.module_el8.5.0+2625+ec418553rubygem-mysql2-0.4.10-4.module_el8.5.0+2625+ec418553.aarch64.rpm
almalinux8noarchrubygem-abrt< 0.3.0-4.module_el8.5.0+2623+08a8ba32rubygem-abrt-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm
almalinux8noarchrubygem-mongo< 2.5.1-2.module_el8.5.0+2625+ec418553rubygem-mongo-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	noarch	rubygem-abrt-doc	< 0.3.0-4.module_el8.5.0+2623+08a8ba32	rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm
almalinux	8	aarch64	rubygem-bson	< 4.3.0-2.module_el8.5.0+2625+ec418553	rubygem-bson-4.3.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm
almalinux	8	noarch	rubygem-pg-doc	< 1.0.0-2.module_el8.5.0+2625+ec418553	rubygem-pg-doc-1.0.0-2.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux	8	noarch	rubygem-bson-doc	< 4.3.0-2.module_el8.5.0+2625+ec418553	rubygem-bson-doc-4.3.0-2.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux	8	noarch	rubygem-mysql2-doc	< 0.4.10-4.module_el8.5.0+2625+ec418553	rubygem-mysql2-doc-0.4.10-4.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux	8	aarch64	rubygem-pg	< 1.0.0-2.module_el8.5.0+2625+ec418553	rubygem-pg-1.0.0-2.module_el8.5.0+2625+ec418553.aarch64.rpm
almalinux	8	noarch	rubygem-mongo-doc	< 2.5.1-2.module_el8.5.0+2625+ec418553	rubygem-mongo-doc-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm
almalinux	8	aarch64	rubygem-mysql2	< 0.4.10-4.module_el8.5.0+2625+ec418553	rubygem-mysql2-0.4.10-4.module_el8.5.0+2625+ec418553.aarch64.rpm
almalinux	8	noarch	rubygem-abrt	< 0.3.0-4.module_el8.5.0+2623+08a8ba32	rubygem-abrt-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm
almalinux	8	noarch	rubygem-mongo	< 2.5.1-2.module_el8.5.0+2625+ec418553	rubygem-mongo-2.5.1-2.module_el8.5.0+2625+ec418553.noarch.rpm