(RHSA-2019:1948) Important: ruby security update

2019-07-3008:23:28

access.redhat.com

114

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.8%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

ruby: OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rubygem-bigdecimal< 1.2.0-34.el7_4rubygem-bigdecimal-1.2.0-34.el7_4.x86_64.rpm
RedHat7x86_64ruby< 2.0.0.648-34.el7_4ruby-2.0.0.648-34.el7_4.x86_64.rpm
RedHat7noarchrubygem-minitest< 4.3.2-34.el7_4rubygem-minitest-4.3.2-34.el7_4.noarch.rpm
RedHat7x86_64ruby-libs< 2.0.0.648-34.el7_4ruby-libs-2.0.0.648-34.el7_4.x86_64.rpm
RedHat7x86_64ruby-devel< 2.0.0.648-34.el7_4ruby-devel-2.0.0.648-34.el7_4.x86_64.rpm
RedHat7s390xruby-tcltk< 2.0.0.648-34.el7_4ruby-tcltk-2.0.0.648-34.el7_4.s390x.rpm
RedHat7ppc64leruby< 2.0.0.648-34.el7_4ruby-2.0.0.648-34.el7_4.ppc64le.rpm
RedHat7s390xruby-devel< 2.0.0.648-34.el7_4ruby-devel-2.0.0.648-34.el7_4.s390x.rpm
RedHat7s390xrubygem-json< 1.7.7-34.el7_4rubygem-json-1.7.7-34.el7_4.s390x.rpm
RedHat7ppc64ruby-debuginfo< 2.0.0.648-34.el7_4ruby-debuginfo-2.0.0.648-34.el7_4.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rubygem-bigdecimal	< 1.2.0-34.el7_4	rubygem-bigdecimal-1.2.0-34.el7_4.x86_64.rpm
RedHat	7	x86_64	ruby	< 2.0.0.648-34.el7_4	ruby-2.0.0.648-34.el7_4.x86_64.rpm
RedHat	7	noarch	rubygem-minitest	< 4.3.2-34.el7_4	rubygem-minitest-4.3.2-34.el7_4.noarch.rpm
RedHat	7	x86_64	ruby-libs	< 2.0.0.648-34.el7_4	ruby-libs-2.0.0.648-34.el7_4.x86_64.rpm
RedHat	7	x86_64	ruby-devel	< 2.0.0.648-34.el7_4	ruby-devel-2.0.0.648-34.el7_4.x86_64.rpm
RedHat	7	s390x	ruby-tcltk	< 2.0.0.648-34.el7_4	ruby-tcltk-2.0.0.648-34.el7_4.s390x.rpm
RedHat	7	ppc64le	ruby	< 2.0.0.648-34.el7_4	ruby-2.0.0.648-34.el7_4.ppc64le.rpm
RedHat	7	s390x	ruby-devel	< 2.0.0.648-34.el7_4	ruby-devel-2.0.0.648-34.el7_4.s390x.rpm
RedHat	7	s390x	rubygem-json	< 1.7.7-34.el7_4	rubygem-json-1.7.7-34.el7_4.s390x.rpm
RedHat	7	ppc64	ruby-debuginfo	< 2.0.0.648-34.el7_4	ruby-debuginfo-2.0.0.648-34.el7_4.ppc64.rpm