RHSA-2022:0708: Red Hat Security Advisory: rh-ruby26-ruby security, bug fix, and enhancement update

An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-36327: rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
  • CVE-2021-31799: rubygem-rdoc: Command injection vulnerability in RDoc
  • CVE-2021-31810: ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
  • CVE-2021-32066: ruby: StartTLS stripping vulnerability in Net::IMAP
  • CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
  • CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
Red Hat Security Data

Synopsis

Important: rh-ruby26-ruby security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for rh-ruby26-ruby is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby26-ruby (2.6.9). (BZ#2056947)

Security Fix(es):

  • rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)
  • rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
  • ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
  • ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
  • ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
  • ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 1958999 - CVE-2020-36327 rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
  • BZ - 1980126 - CVE-2021-31810 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
  • BZ - 1980128 - CVE-2021-32066 ruby: StartTLS stripping vulnerability in Net::IMAP
  • BZ - 1980132 - CVE-2021-31799 rubygem-rdoc: Command injection vulnerability in RDoc
  • BZ - 2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods
  • BZ - 2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse

CVEs

  • CVE-2020-36327
  • CVE-2021-31799
  • CVE-2021-31810
  • CVE-2021-32066
  • CVE-2021-41817
  • CVE-2021-41819

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/articles/6206172

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM

rh-ruby26-ruby-2.6.9-120.el7.src.rpm

SHA-256: ac7966e13657e0c71c8801781f24173f2d0733093579264fedabbfcbe54198dd

x86_64

rh-ruby26-ruby-2.6.9-120.el7.x86_64.rpm

SHA-256: 8bb40c1a359dd2abc08895cf16b1837c0e3994a3015dbbbed8927ae3ef81f9d7

rh-ruby26-ruby-debuginfo-2.6.9-120.el7.x86_64.rpm

SHA-256: a56ff30036e58b1bc0c78960e56f2a8ee82e01e0676fc10403384cecaa1cea63

rh-ruby26-ruby-devel-2.6.9-120.el7.x86_64.rpm

SHA-256: ed3d805debb26b7718764ccb7517da9ee7ad359c7de93d861fdc7da453f277b1

rh-ruby26-ruby-doc-2.6.9-120.el7.noarch.rpm

SHA-256: 6f53544e9a7f951a96b5d799d1f4b83ff9ae2807f9cd8d9926f64e71694c7445

rh-ruby26-ruby-libs-2.6.9-120.el7.x86_64.rpm

SHA-256: a1c34272b8b0432208bafc0ec1b28219717c0a7e5719360ece483430d5c770a0

rh-ruby26-rubygem-bigdecimal-1.4.1-120.el7.x86_64.rpm

SHA-256: 01f49c15cf52827d0f1da63dec6934949838fedeb7bd306f623ef48672303be3

rh-ruby26-rubygem-bundler-1.17.2-120.el7.noarch.rpm

SHA-256: 3fdf77a044d2c56fa835ac7268498dcb13ac9820c8d31ace8eb8b5992dafe183

rh-ruby26-rubygem-did_you_mean-1.3.0-120.el7.noarch.rpm

SHA-256: db8cdb8ffcd7a7f14d963415d1510792d49aefcee85880ac875ce025d50af382

rh-ruby26-rubygem-io-console-0.4.7-120.el7.x86_64.rpm

SHA-256: 8153de85eccc407680aca82e4bb03dc9b6ce87aee8b03cd9b4c0340a6dfe7811

rh-ruby26-rubygem-irb-1.0.0-120.el7.noarch.rpm

SHA-256: 971f106946ecfcfffbe5e064cb986384b509bb17a2029eeef0a92e3593ae5682

rh-ruby26-rubygem-json-2.1.0-120.el7.x86_64.rpm

SHA-256: 9d9d40cb3d9a4dc7bd0662ee0c6b28d5570f9ba1658c5ca281a58c2288338664

rh-ruby26-rubygem-minitest-5.11.3-120.el7.noarch.rpm

SHA-256: e6b36dcfb6ac52771701595d28bb4fe5821de894476dd28bb232caca4875fca0

rh-ruby26-rubygem-net-telnet-0.2.0-120.el7.noarch.rpm

SHA-256: 1abb3b798956d529a1ffe25eea8cd0ebeb3a752bdb39067a8202346d71321db1

rh-ruby26-rubygem-openssl-2.1.2-120.el7.x86_64.rpm

SHA-256: 25fe614e0f6e1213e354c8248d6b6cef1b9d8881653fb1f2b17deb8f7a03edeb

rh-ruby26-rubygem-power_assert-1.1.3-120.el7.noarch.rpm

SHA-256: 742d860cb402b246495913e43eebbb2739e9fe0bd9722f9a2b4cbbe2699dcdc5

rh-ruby26-rubygem-psych-3.1.0-120.el7.x86_64.rpm

SHA-256: 68d4b20662badb88ba7c9a62de5e6348ab3ae9c45935bcc6325182d7eb110073

rh-ruby26-rubygem-rake-12.3.3-120.el7.noarch.rpm

SHA-256: 602a6850c66b66fb29b1a781d65a34a6bf0e310c4cdd423d0f3bf07cf8d408d6

rh-ruby26-rubygem-rdoc-6.1.2.1-120.el7.noarch.rpm

SHA-256: 03a70c7bd082e4e902c24f33a857e9d7cb9aeb395e9107e7e57333462cbbde2b

rh-ruby26-rubygem-test-unit-3.2.9-120.el7.noarch.rpm

SHA-256: 4d1a9520a8aa3c6cce13f2ce7672a73b0236edf1107621d14f2c5f3acf60effd

rh-ruby26-rubygem-xmlrpc-0.3.0-120.el7.noarch.rpm

SHA-256: 157e89e039b2497212ca363eb25f79bf2657acf93f6d4d299d45cebbcb817110

rh-ruby26-rubygems-3.0.3.1-120.el7.noarch.rpm

SHA-256: 782c637f117fb9e89889e1c8551f752b003d0f9988d2e2c12db3d88d2973a99a

rh-ruby26-rubygems-devel-3.0.3.1-120.el7.noarch.rpm

SHA-256: 1a2cf2143dfc057f7f9234f30d4098fc7681078dbb05cba9f0dd639b2007a3be
