rh-ruby27-ruby-2.7.3-129.el7
エラータID: AXSA:2021-1769:01
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby27-ruby (2.7.3).
Security Fix(es):
* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* rh-ruby27-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3]
CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Update packages.
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
N/A
SRPMS
- rh-ruby27-ruby-2.7.3-129.el7.src.rpm
MD5: e430e583a63f301c4a110647285c4e51
SHA-256: 1e8472213db0ff7fe786a60bceaab941440748147a4dab15ac2485a1c3d4778c
Size: 11.61 MB
Asianux Server 7 for x86_64
- rh-ruby27-ruby-2.7.3-129.el7.x86_64.rpm
MD5: 5f2d9f06feef8a67d98a544e8036c6cf
SHA-256: 6729f1d49532a76a3b6adf35807212c4624f9c5888e728f3f6e83808b18e3871
Size: 78.45 kB - rh-ruby27-ruby-devel-2.7.3-129.el7.x86_64.rpm
MD5: 2b54ef1f595f9abfcf15ba78a6883001
SHA-256: a3fc62da72275241781dcd1b10834203d83da8b595d256d25bd6d8567a0943bb
Size: 245.73 kB - rh-ruby27-ruby-doc-2.7.3-129.el7.noarch.rpm
MD5: 60b4d7939fca11b1436f5edee585468b
SHA-256: dbb171a1e374f5c352fdecc1ae04df96dc0027d29772b4b6590a1cc5162928b3
Size: 6.75 MB - rh-ruby27-rubygem-bigdecimal-2.0.0-129.el7.x86_64.rpm
MD5: 923a45785a2c44492b8b2bddb2903cb6
SHA-256: 751e2d6eccee526136a836e2c3ad8dacd04ed6425063fb931b9eb48e93472738
Size: 89.14 kB - rh-ruby27-rubygem-bundler-2.1.4-129.el7.noarch.rpm
MD5: ffd45c71b93b1c2591f3b670c4f1008e
SHA-256: 5e667bce4a926a1e51a4a3aa13755dba01ab7e537a8e608200112c38122e301c
Size: 382.78 kB - rh-ruby27-rubygem-did_you_mean-1.4.0-129.el7.noarch.rpm
MD5: 0d01df42ec6f34aba468336b23186acc
SHA-256: 6625b893505b073615dc7b62dba25d44a2fc4b1ddfc533ac4c3dd99e6b0d7b69
Size: 60.57 kB - rh-ruby27-rubygem-io-console-0.5.6-129.el7.x86_64.rpm
MD5: 41bd1fb04e6e16d22b533d690ccbba33
SHA-256: 5b6f97d665fb840490272c9b7b41c0df256843bacd6c54d455dce6333d6bbf7e
Size: 61.29 kB - rh-ruby27-rubygem-irb-1.2.6-129.el7.noarch.rpm
MD5: 7108c8fcbb3e7df919b28f33493c4e39
SHA-256: 14f8e2a9c4d2d74dc16a6db5b2de54ecaefe885c4ce28bf1f57bd37487f0088d
Size: 101.63 kB - rh-ruby27-rubygem-json-2.3.0-129.el7.x86_64.rpm
MD5: 64e5281945300535e6537ed220377b09
SHA-256: f2294b84aa2a72b622f4141d7724902d46e03923e0309296851084ec774eab61
Size: 82.45 kB - rh-ruby27-rubygem-minitest-5.13.0-129.el7.noarch.rpm
MD5: f02712da4e023b65ad56b85a9c655fbc
SHA-256: 9251bf2c7596e9a32d27551c5db7a8a604a70c90ad32c2ac9db3d7426119e5b3
Size: 121.86 kB - rh-ruby27-rubygem-net-telnet-0.2.0-129.el7.noarch.rpm
MD5: f334fe4bd569fa9d0aea28d32858917b
SHA-256: 3a08af52e5fbcab97f222f60843be7cca989cd11243ef9532cd8a4c706f0d63a
Size: 62.80 kB - rh-ruby27-rubygem-openssl-2.1.2-129.el7.x86_64.rpm
MD5: d48e79759c93ffa99ec5ab5fb698ce95
SHA-256: 9be0a5e2f2b968366189cf36406c058daa418cc6366d9ef438195c60dcfacd74
Size: 178.66 kB - rh-ruby27-rubygem-power_assert-1.1.7-129.el7.noarch.rpm
MD5: 12546e7e7f85da2634ba7c22053a4554
SHA-256: e1f88e6d007ab725a7bb076f266cca7fa3f92a575e8cf1a0976173300d67c021
Size: 62.29 kB - rh-ruby27-rubygem-psych-3.1.0-129.el7.x86_64.rpm
MD5: 0b22ea02a027858b3608f92f232c4558
SHA-256: c55458f6e86dd776a308f20fca4079ac2963d240c3f8e7dc3451d0516de6b329
Size: 87.52 kB - rh-ruby27-rubygem-racc-1.4.16-129.el7.x86_64.rpm
MD5: 8de4894c0ccd8c833a39183e2d45e010
SHA-256: 04e14e9797ec0f0c60f9d780234da72538689ef65a53edfe6d06412f0f297af3
Size: 93.28 kB - rh-ruby27-rubygem-rake-13.0.1-129.el7.noarch.rpm
MD5: 3adcb013407a8a07d51e3d6d7b9e2ff6
SHA-256: 364703935b2a8d1e7a007daf8c011c161a9cb3ab754ad7ea7a56e6adaacfb472
Size: 134.46 kB - rh-ruby27-rubygem-rdoc-6.2.1-129.el7.noarch.rpm
MD5: 01250c06a8ad7f9c8535629590218cbd
SHA-256: fb72c1949488ca7b9a3e4682fe5e9a02a99d64f3c331ee04c8d463282ff937fe
Size: 447.64 kB - rh-ruby27-rubygems-3.1.6-129.el7.noarch.rpm
MD5: 9b9e229c3e898312bb49e581b6e7f298
SHA-256: 04c53b50b638120a30b431689dfd8665a4b55ce3a3bdf300630a00c9d16b6681
Size: 313.71 kB - rh-ruby27-rubygems-devel-3.1.6-129.el7.noarch.rpm
MD5: 67aed3e1a885e2d49c8c3a29c464e0f0
SHA-256: 73494a0b2eb8f05925f1228daccacc09a3884a71751048c70417af5ee5d6dd9f
Size: 50.07 kB - rh-ruby27-rubygem-test-unit-3.3.4-129.el7.noarch.rpm
MD5: 9807af6cc3d351ea332e3f224d774e02
SHA-256: f435e3a53497f4881f928d075b7255cc3a97a3d8e3c57e4ff78e639c7e6ec295
Size: 179.84 kB - rh-ruby27-rubygem-xmlrpc-0.3.0-129.el7.noarch.rpm
MD5: 89c5644bdedbd0f8ba6a7f737266a0ce
SHA-256: c06d890c555a66454636b79e89516f2a3bd1b525ae593886926b6f99d908a243
Size: 74.35 kB - rh-ruby27-ruby-libs-2.7.3-129.el7.x86_64.rpm
MD5: 91fface2fec9a89b960d511727e6938d
SHA-256: 8f602137e5bff47374e9e1ddb1c6faff0b1868cdd40f615fe38e91edf5104c10
Size: 3.03 MB