CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.895 High
Percentile: 98.8%

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)
Security Fix(es):
ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
rubygems: DNS hijacking vulnerability (CVE-2017-0902)
rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)
rubygems: Escape sequence in the “summary” field of gemspec (CVE-2017-0899)
rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.