Headline
RHSA-2022:6856: Red Hat Security Advisory: rh-ruby27-ruby security, bug fix, and enhancement update
An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-41816: ruby: buffer overflow in CGI.escape_html
- CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods
- CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
- CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion
Synopsis
Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-ruby27-ruby is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby27-ruby (2.7.6). (BZ#2128631)
Security Fix(es):
- ruby: buffer overflow in CGI.escape_html (CVE-2021-41816)
- ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
- ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
- Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods
- BZ - 2026752 - CVE-2021-41816 ruby: buffer overflow in CGI.escape_html
- BZ - 2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse
- BZ - 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
- BZ - 2128631 - rh-ruby27-ruby: Rebase to the latest Ruby 2.7 release [rhscl-3] [rhscl-3.8.z]
CVEs
- CVE-2021-41816
- CVE-2021-41817
- CVE-2021-41819
- CVE-2022-28739
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
rh-ruby27-ruby-2.7.6-131.el7.src.rpm
SHA-256: aaace51cd2ada1527015c862be17643110cfe26b593e5a5dd1cc64775f8c4cd1
x86_64
rh-ruby27-ruby-2.7.6-131.el7.x86_64.rpm
SHA-256: bfd3b6a8be98172fc66fb53bb0e9e7720f25f250d13d91b31b09531862d7564c
rh-ruby27-ruby-debuginfo-2.7.6-131.el7.x86_64.rpm
SHA-256: a363668ec9327da0894ae0f316f1a37261a0f10ae925b69506969e9a3cdf0a50
rh-ruby27-ruby-devel-2.7.6-131.el7.x86_64.rpm
SHA-256: bd8cc53587c3e798a6d494b6db0efc1224baee0cbe5fa9925d4281f310188fda
rh-ruby27-ruby-doc-2.7.6-131.el7.noarch.rpm
SHA-256: b6e41aa40e4248b4e0d9646d60b44f6da411145f1fcac571dddf87d66ba20a96
rh-ruby27-ruby-libs-2.7.6-131.el7.x86_64.rpm
SHA-256: 489c05a7f1b551700c3a81bb32d4284461a0be8ec5089e3bc073d1669f0c1b28
rh-ruby27-rubygem-bigdecimal-2.0.0-131.el7.x86_64.rpm
SHA-256: a4e1a0a1f8e65f8dbc3ded30beb24e617b71072e9110fccf8109e9f4ae95c27d
rh-ruby27-rubygem-bundler-2.2.24-131.el7.noarch.rpm
SHA-256: 9ca80fe3a85da72383933d5e40e3bfe6f6c92f6c290eff53d3f3a648e9c90acd
rh-ruby27-rubygem-did_you_mean-1.4.0-131.el7.noarch.rpm
SHA-256: c7fd6681156cd24841ef3e6c2cfadb93d3fc0a25f198209ef12a3941d2ca3068
rh-ruby27-rubygem-io-console-0.5.6-131.el7.x86_64.rpm
SHA-256: c0bbc8dcfd0e5f980da5786ebb23613286c9f47420d4ad356e5302d75763b9ee
rh-ruby27-rubygem-irb-1.2.6-131.el7.noarch.rpm
SHA-256: 104a95d202a1eb42b9c85d906f26e06b9e4ce5fe165f7d13ed6113c7dcf12b66
rh-ruby27-rubygem-json-2.3.0-131.el7.x86_64.rpm
SHA-256: c269d9e6ea424e48724d78dceae64a005331c79af6e9ae2cbd98fbd8ae9b908f
rh-ruby27-rubygem-minitest-5.13.0-131.el7.noarch.rpm
SHA-256: 15a6bd681d3d0ed52fa28e60b580ce20406fcc86407315fa5be12559434c350c
rh-ruby27-rubygem-net-telnet-0.2.0-131.el7.noarch.rpm
SHA-256: 3410cdc6c39b0fa782cc602d75f7d26960e8b3b5d198c12404cad8d18e703481
rh-ruby27-rubygem-openssl-2.1.3-131.el7.x86_64.rpm
SHA-256: 14e42a126163105bf48362cb3005910346024e064e3292727db08a73aab04ab5
rh-ruby27-rubygem-power_assert-1.1.7-131.el7.noarch.rpm
SHA-256: eada6a71f8d91d1abd3f0dae09304b3cd177505b82ee26b55768a59855d1a87e
rh-ruby27-rubygem-psych-3.1.0-131.el7.x86_64.rpm
SHA-256: 59bf4b0ab1f848ce786e72c9c2995d52ac60bd723ca8117efbadccc7bad8d7f9
rh-ruby27-rubygem-racc-1.4.16-131.el7.x86_64.rpm
SHA-256: 8d59465677948a8757276639ea949bfa7054781f3e1fcf1316c2224a6aec1972
rh-ruby27-rubygem-rake-13.0.1-131.el7.noarch.rpm
SHA-256: f407a989737208b4469822f5c5fa5b4cdc0d87183f07c79d1d94dc2068f29b32
rh-ruby27-rubygem-rdoc-6.2.1.1-131.el7.noarch.rpm
SHA-256: 601a2d666a0c432ad0881826064717fc0f360bd49c90802caa764a7fab483c83
rh-ruby27-rubygem-test-unit-3.3.4-131.el7.noarch.rpm
SHA-256: bc820144eb0d9d59f02b43dfa73e42b17ddfdd767d924034d58a2228314d8ded
rh-ruby27-rubygem-xmlrpc-0.3.0-131.el7.noarch.rpm
SHA-256: caa3e86d4c4f130e1498bf545dba74a10b30b48a89e50d9779e80285e8e17030
rh-ruby27-rubygems-3.1.6-131.el7.noarch.rpm
SHA-256: da94e98ac6677741e29a0b4942bbbd8fb7311e69ed3ccd58d9ae3a418a881e13
rh-ruby27-rubygems-devel-3.1.6-131.el7.noarch.rpm
SHA-256: 61875511aed085519350da7ab5ab5826cb86788c41944ac3b7351271362a7a25
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
rh-ruby27-ruby-2.7.6-131.el7.src.rpm
SHA-256: aaace51cd2ada1527015c862be17643110cfe26b593e5a5dd1cc64775f8c4cd1
s390x
rh-ruby27-ruby-2.7.6-131.el7.s390x.rpm
SHA-256: 13d6cab9b160195f27cac3f3ea386746c3eff7ec4acb24f51f530d65b478c6d0
rh-ruby27-ruby-debuginfo-2.7.6-131.el7.s390x.rpm
SHA-256: 2b1afa2edc17c65eadc518826b526cfa56ce90bba6205be9f0547c11b7696258
rh-ruby27-ruby-devel-2.7.6-131.el7.s390x.rpm
SHA-256: 9d2113523aa7b2efef37c6dea0db452633dc5266a01881a4daf2e54d111a803a
rh-ruby27-ruby-doc-2.7.6-131.el7.noarch.rpm
SHA-256: b6e41aa40e4248b4e0d9646d60b44f6da411145f1fcac571dddf87d66ba20a96
rh-ruby27-ruby-libs-2.7.6-131.el7.s390x.rpm
SHA-256: c07d8931500768b2301068f752bdc6b40f5182d6d12b7787cad2ef005c8bfdea
rh-ruby27-rubygem-bigdecimal-2.0.0-131.el7.s390x.rpm
SHA-256: c0a11b77c3fb63045a23431df920cfcc1612b1eee6755bf768a3d64779be37c4
rh-ruby27-rubygem-bundler-2.2.24-131.el7.noarch.rpm
SHA-256: 9ca80fe3a85da72383933d5e40e3bfe6f6c92f6c290eff53d3f3a648e9c90acd
rh-ruby27-rubygem-did_you_mean-1.4.0-131.el7.noarch.rpm
SHA-256: c7fd6681156cd24841ef3e6c2cfadb93d3fc0a25f198209ef12a3941d2ca3068
rh-ruby27-rubygem-io-console-0.5.6-131.el7.s390x.rpm
SHA-256: bfd3a3d7076143dc72a3de6baf374b75ef3b4c7df7073a30b2274a6eaa501a87
rh-ruby27-rubygem-irb-1.2.6-131.el7.noarch.rpm
SHA-256: 104a95d202a1eb42b9c85d906f26e06b9e4ce5fe165f7d13ed6113c7dcf12b66
rh-ruby27-rubygem-json-2.3.0-131.el7.s390x.rpm
SHA-256: ddcad69aee30faa5e4db15e0da30ae85de2bb3507a91b5ee02c1c61631d98c7b
rh-ruby27-rubygem-minitest-5.13.0-131.el7.noarch.rpm
SHA-256: 15a6bd681d3d0ed52fa28e60b580ce20406fcc86407315fa5be12559434c350c
rh-ruby27-rubygem-net-telnet-0.2.0-131.el7.noarch.rpm
SHA-256: 3410cdc6c39b0fa782cc602d75f7d26960e8b3b5d198c12404cad8d18e703481
rh-ruby27-rubygem-openssl-2.1.3-131.el7.s390x.rpm
SHA-256: 8857855b50659d5fffffdea41b7602e737e1c405bb5f742c210304c385623a29
rh-ruby27-rubygem-power_assert-1.1.7-131.el7.noarch.rpm
SHA-256: eada6a71f8d91d1abd3f0dae09304b3cd177505b82ee26b55768a59855d1a87e
rh-ruby27-rubygem-psych-3.1.0-131.el7.s390x.rpm
SHA-256: 84559317564fced771b599dc66a41ca89a74ca1b23614d698ac3d9fad2d75ec0
rh-ruby27-rubygem-racc-1.4.16-131.el7.s390x.rpm
SHA-256: 0cf2f536a297ae1ac264247d63435684dce0db03ece87b2097ca19b378c91934
rh-ruby27-rubygem-rake-13.0.1-131.el7.noarch.rpm
SHA-256: f407a989737208b4469822f5c5fa5b4cdc0d87183f07c79d1d94dc2068f29b32
rh-ruby27-rubygem-rdoc-6.2.1.1-131.el7.noarch.rpm
SHA-256: 601a2d666a0c432ad0881826064717fc0f360bd49c90802caa764a7fab483c83
rh-ruby27-rubygem-test-unit-3.3.4-131.el7.noarch.rpm
SHA-256: bc820144eb0d9d59f02b43dfa73e42b17ddfdd767d924034d58a2228314d8ded
rh-ruby27-rubygem-xmlrpc-0.3.0-131.el7.noarch.rpm
SHA-256: caa3e86d4c4f130e1498bf545dba74a10b30b48a89e50d9779e80285e8e17030
rh-ruby27-rubygems-3.1.6-131.el7.noarch.rpm
SHA-256: da94e98ac6677741e29a0b4942bbbd8fb7311e69ed3ccd58d9ae3a418a881e13
rh-ruby27-rubygems-devel-3.1.6-131.el7.noarch.rpm
SHA-256: 61875511aed085519350da7ab5ab5826cb86788c41944ac3b7351271362a7a25
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM
rh-ruby27-ruby-2.7.6-131.el7.src.rpm
SHA-256: aaace51cd2ada1527015c862be17643110cfe26b593e5a5dd1cc64775f8c4cd1
ppc64le
rh-ruby27-ruby-2.7.6-131.el7.ppc64le.rpm
SHA-256: 334a9650b481cd7dbab97873acfd6bfc2303ac5446f8066cd92decbcc028b84e
rh-ruby27-ruby-debuginfo-2.7.6-131.el7.ppc64le.rpm
SHA-256: b931153965f1a264f96b4d0e2ed5b142d5e390d79fcda0809282887eea973b97
rh-ruby27-ruby-devel-2.7.6-131.el7.ppc64le.rpm
SHA-256: dd308fbbcae2511353010f9a0e1753d8234eefdcb48e0d5df37e566eb373839d
rh-ruby27-ruby-doc-2.7.6-131.el7.noarch.rpm
SHA-256: b6e41aa40e4248b4e0d9646d60b44f6da411145f1fcac571dddf87d66ba20a96
rh-ruby27-ruby-libs-2.7.6-131.el7.ppc64le.rpm
SHA-256: 9d506600453efce5418c65599415a3f3d1cca82b0f8b8d9214668c6662399c9c
rh-ruby27-rubygem-bigdecimal-2.0.0-131.el7.ppc64le.rpm
SHA-256: df5366d70d1456081ed7e241774aa516015a750b01c1ac810faccacf6a0fd451
rh-ruby27-rubygem-bundler-2.2.24-131.el7.noarch.rpm
SHA-256: 9ca80fe3a85da72383933d5e40e3bfe6f6c92f6c290eff53d3f3a648e9c90acd
rh-ruby27-rubygem-did_you_mean-1.4.0-131.el7.noarch.rpm
SHA-256: c7fd6681156cd24841ef3e6c2cfadb93d3fc0a25f198209ef12a3941d2ca3068
rh-ruby27-rubygem-io-console-0.5.6-131.el7.ppc64le.rpm
SHA-256: 419a3152c6aa419762025fb1cf68b3c2dd13b54135d75d1fc575641fdbde8ac1
rh-ruby27-rubygem-irb-1.2.6-131.el7.noarch.rpm
SHA-256: 104a95d202a1eb42b9c85d906f26e06b9e4ce5fe165f7d13ed6113c7dcf12b66
rh-ruby27-rubygem-json-2.3.0-131.el7.ppc64le.rpm
SHA-256: 08cc5416af6e1cb512de0b25ae557ff6150ee47296d32c2a6fbda4e3f0f6e5cf
rh-ruby27-rubygem-minitest-5.13.0-131.el7.noarch.rpm
SHA-256: 15a6bd681d3d0ed52fa28e60b580ce20406fcc86407315fa5be12559434c350c
rh-ruby27-rubygem-net-telnet-0.2.0-131.el7.noarch.rpm
SHA-256: 3410cdc6c39b0fa782cc602d75f7d26960e8b3b5d198c12404cad8d18e703481
rh-ruby27-rubygem-openssl-2.1.3-131.el7.ppc64le.rpm
SHA-256: adf3b61d44dd42cd79277e193068e0bfc275f994884896c7579b2df93f25ab93
rh-ruby27-rubygem-power_assert-1.1.7-131.el7.noarch.rpm
SHA-256: eada6a71f8d91d1abd3f0dae09304b3cd177505b82ee26b55768a59855d1a87e
rh-ruby27-rubygem-psych-3.1.0-131.el7.ppc64le.rpm
SHA-256: e75be3784c7545f19975ff98df609121f20423cf2ee95222103573596c5113a5
rh-ruby27-rubygem-racc-1.4.16-131.el7.ppc64le.rpm
SHA-256: 4d219cb4030eafda57d6eefa4b8932663ae75764afbd4c1a2fa6662269a3abf2
rh-ruby27-rubygem-rake-13.0.1-131.el7.noarch.rpm
SHA-256: f407a989737208b4469822f5c5fa5b4cdc0d87183f07c79d1d94dc2068f29b32
rh-ruby27-rubygem-rdoc-6.2.1.1-131.el7.noarch.rpm
SHA-256: 601a2d666a0c432ad0881826064717fc0f360bd49c90802caa764a7fab483c83
rh-ruby27-rubygem-test-unit-3.3.4-131.el7.noarch.rpm
SHA-256: bc820144eb0d9d59f02b43dfa73e42b17ddfdd767d924034d58a2228314d8ded
rh-ruby27-rubygem-xmlrpc-0.3.0-131.el7.noarch.rpm
SHA-256: caa3e86d4c4f130e1498bf545dba74a10b30b48a89e50d9779e80285e8e17030
rh-ruby27-rubygems-3.1.6-131.el7.noarch.rpm
SHA-256: da94e98ac6677741e29a0b4942bbbd8fb7311e69ed3ccd58d9ae3a418a881e13
rh-ruby27-rubygems-devel-3.1.6-131.el7.noarch.rpm
SHA-256: 61875511aed085519350da7ab5ab5826cb86788c41944ac3b7351271362a7a25
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
rh-ruby27-ruby-2.7.6-131.el7.src.rpm
SHA-256: aaace51cd2ada1527015c862be17643110cfe26b593e5a5dd1cc64775f8c4cd1
x86_64
rh-ruby27-ruby-2.7.6-131.el7.x86_64.rpm
SHA-256: bfd3b6a8be98172fc66fb53bb0e9e7720f25f250d13d91b31b09531862d7564c
rh-ruby27-ruby-debuginfo-2.7.6-131.el7.x86_64.rpm
SHA-256: a363668ec9327da0894ae0f316f1a37261a0f10ae925b69506969e9a3cdf0a50
rh-ruby27-ruby-devel-2.7.6-131.el7.x86_64.rpm
SHA-256: bd8cc53587c3e798a6d494b6db0efc1224baee0cbe5fa9925d4281f310188fda
rh-ruby27-ruby-doc-2.7.6-131.el7.noarch.rpm
SHA-256: b6e41aa40e4248b4e0d9646d60b44f6da411145f1fcac571dddf87d66ba20a96
rh-ruby27-ruby-libs-2.7.6-131.el7.x86_64.rpm
SHA-256: 489c05a7f1b551700c3a81bb32d4284461a0be8ec5089e3bc073d1669f0c1b28
rh-ruby27-rubygem-bigdecimal-2.0.0-131.el7.x86_64.rpm
SHA-256: a4e1a0a1f8e65f8dbc3ded30beb24e617b71072e9110fccf8109e9f4ae95c27d
rh-ruby27-rubygem-bundler-2.2.24-131.el7.noarch.rpm
SHA-256: 9ca80fe3a85da72383933d5e40e3bfe6f6c92f6c290eff53d3f3a648e9c90acd
rh-ruby27-rubygem-did_you_mean-1.4.0-131.el7.noarch.rpm
SHA-256: c7fd6681156cd24841ef3e6c2cfadb93d3fc0a25f198209ef12a3941d2ca3068
rh-ruby27-rubygem-io-console-0.5.6-131.el7.x86_64.rpm
SHA-256: c0bbc8dcfd0e5f980da5786ebb23613286c9f47420d4ad356e5302d75763b9ee
rh-ruby27-rubygem-irb-1.2.6-131.el7.noarch.rpm
SHA-256: 104a95d202a1eb42b9c85d906f26e06b9e4ce5fe165f7d13ed6113c7dcf12b66
rh-ruby27-rubygem-json-2.3.0-131.el7.x86_64.rpm
SHA-256: c269d9e6ea424e48724d78dceae64a005331c79af6e9ae2cbd98fbd8ae9b908f
rh-ruby27-rubygem-minitest-5.13.0-131.el7.noarch.rpm
SHA-256: 15a6bd681d3d0ed52fa28e60b580ce20406fcc86407315fa5be12559434c350c
rh-ruby27-rubygem-net-telnet-0.2.0-131.el7.noarch.rpm
SHA-256: 3410cdc6c39b0fa782cc602d75f7d26960e8b3b5d198c12404cad8d18e703481
rh-ruby27-rubygem-openssl-2.1.3-131.el7.x86_64.rpm
SHA-256: 14e42a126163105bf48362cb3005910346024e064e3292727db08a73aab04ab5
rh-ruby27-rubygem-power_assert-1.1.7-131.el7.noarch.rpm
SHA-256: eada6a71f8d91d1abd3f0dae09304b3cd177505b82ee26b55768a59855d1a87e
rh-ruby27-rubygem-psych-3.1.0-131.el7.x86_64.rpm
SHA-256: 59bf4b0ab1f848ce786e72c9c2995d52ac60bd723ca8117efbadccc7bad8d7f9
rh-ruby27-rubygem-racc-1.4.16-131.el7.x86_64.rpm
SHA-256: 8d59465677948a8757276639ea949bfa7054781f3e1fcf1316c2224a6aec1972
rh-ruby27-rubygem-rake-13.0.1-131.el7.noarch.rpm
SHA-256: f407a989737208b4469822f5c5fa5b4cdc0d87183f07c79d1d94dc2068f29b32
rh-ruby27-rubygem-rdoc-6.2.1.1-131.el7.noarch.rpm
SHA-256: 601a2d666a0c432ad0881826064717fc0f360bd49c90802caa764a7fab483c83
rh-ruby27-rubygem-test-unit-3.3.4-131.el7.noarch.rpm
SHA-256: bc820144eb0d9d59f02b43dfa73e42b17ddfdd767d924034d58a2228314d8ded
rh-ruby27-rubygem-xmlrpc-0.3.0-131.el7.noarch.rpm
SHA-256: caa3e86d4c4f130e1498bf545dba74a10b30b48a89e50d9779e80285e8e17030
rh-ruby27-rubygems-3.1.6-131.el7.noarch.rpm
SHA-256: da94e98ac6677741e29a0b4942bbbd8fb7311e69ed3ccd58d9ae3a418a881e13
rh-ruby27-rubygems-devel-3.1.6-131.el7.noarch.rpm
SHA-256: 61875511aed085519350da7ab5ab5826cb86788c41944ac3b7351271362a7a25
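Two checks an administrator applying this advisory typically wants are "is the package I downloaded the one Red Hat lists?" and "is the package installed on this host still older than the fixed build?". The following Python script is an added example, not part of the advisory and not Red Hat tooling: it parses the advisory's file / SHA-256 line pairs (two x86_64 rows copied from the listing above), verifies a file's digest against them, and compares an installed name-version-release string against the fixed build rh-ruby27-ruby-2.7.6-131.el7. The `rpmvercmp` function is a simplified reimplementation of rpm's version ordering written for this example (tilde and caret handling are omitted; that simplification is an assumption), and the "downloaded" bytes are constructed, so the digest check is expected to fail on them.

```python
import hashlib
import hmac
import re

# Package/SHA-256 pairs copied from the advisory's x86_64 listing above. The
# full set is on the page; two rows are enough to show the format.
ADVISORY_LISTING = """
rh-ruby27-ruby-2.7.6-131.el7.x86_64.rpm
SHA-256: bfd3b6a8be98172fc66fb53bb0e9e7720f25f250d13d91b31b09531862d7564c
rh-ruby27-ruby-libs-2.7.6-131.el7.x86_64.rpm
SHA-256: 489c05a7f1b551700c3a81bb32d4284461a0be8ec5089e3bc073d1669f0c1b28
"""

# Fixed build from the advisory, as name-version-release.
FIXED_NVR = "rh-ruby27-ruby-2.7.6-131.el7"


def parse_listing(text):
    """Turn the advisory's alternating 'file' / 'SHA-256: <hex>' lines into
    a {filename: digest} dict, rejecting anything that does not fit the shape."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if len(lines) % 2:
        raise ValueError("listing has an unpaired line")
    listing = {}
    for name, digest_line in zip(lines[0::2], lines[1::2]):
        match = re.fullmatch(r"SHA-256:\s*([0-9a-f]{64})", digest_line)
        if not name.endswith(".rpm") or match is None:
            raise ValueError(f"unexpected pair: {name!r} / {digest_line!r}")
        listing[name] = match.group(1)
    return listing


def sha256_hex(data):
    """Hex SHA-256 of a byte string (the digest form the advisory uses)."""
    return hashlib.sha256(data).hexdigest()


def verify_blob(filename, data, listing):
    """True only if the file's SHA-256 equals the digest the advisory lists for it."""
    expected = listing.get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def parse_nvr(nvr):
    """Split 'name-version-release', the shape that
    rpm -q rh-ruby27-ruby --qf '%{NAME}-%{VERSION}-%{RELEASE}' prints."""
    match = re.fullmatch(r"(.+)-([^-]+)-([^-]+)", nvr)
    if match is None:
        raise ValueError(f"not a name-version-release string: {nvr!r}")
    return match.groups()


def rpmvercmp(a, b):
    """Simplified reimplementation of rpm's version comparison (assumption:
    the real rpmvercmp also handles '~' and '^'; those are omitted here).
    Segments are runs of digits or letters; digit runs compare numerically,
    letter runs lexically, a digit run sorts newer than a letter run, and
    the string with segments left over is the newer one."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_fixed(installed_nvr, fixed_nvr=FIXED_NVR):
    """True when the installed package is at or past the advisory's fixed build."""
    name_i, ver_i, rel_i = parse_nvr(installed_nvr)
    name_f, ver_f, rel_f = parse_nvr(fixed_nvr)
    if name_i != name_f:
        raise ValueError(f"package name mismatch: {name_i} vs {name_f}")
    order = rpmvercmp(ver_i, ver_f) or rpmvercmp(rel_i, rel_f)
    return order >= 0


if __name__ == "__main__":
    listing = parse_listing(ADVISORY_LISTING)
    # Constructed stand-in for a downloaded package; it is not the real RPM,
    # so the digest check must report False.
    fake_rpm = b"constructed bytes, not the real package"
    print(verify_blob("rh-ruby27-ruby-2.7.6-131.el7.x86_64.rpm", fake_rpm, listing))
    for nvr in ("rh-ruby27-ruby-2.7.4-130.el7", "rh-ruby27-ruby-2.7.6-131.el7"):
        print(nvr, "fixed" if is_fixed(nvr) else "AFFECTED")
```

On a real host, feed `is_fixed` the output of `rpm -q rh-ruby27-ruby --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` and `verify_blob` the bytes of the downloaded RPM; the digest comparison uses `hmac.compare_digest` so it runs in constant time regardless of where the first differing byte is.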
Related news
Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2022-6855-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, double free, and spoofing vulnerabilities.
Red Hat Security Advisory 2022-6856-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, and spoofing vulnerabilities.
An update for rh-ruby30-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41816: ruby: buffer overflow in CGI.escape_html * CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods * CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse * CVE-2022-28738: Ruby: Double free in Regexp compilation * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion
Red Hat Security Advisory 2022-6585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a double free vulnerability.
An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-28738: Ruby: Double free in Regexp compilation * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion
Red Hat Security Advisory 2022-6447-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service and spoofing vulnerabilities.
Red Hat Security Advisory 2022-6450-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service, double free, and spoofing vulnerabilities.
An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods * CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse * CVE-2022-28738: Ruby: Double free in Regexp compilation * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion
An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods * CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods * CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
Ubuntu Security Notice 5462-2 - USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 5462-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.