ruby:2.7 security, bug fix, and enhancement update

エラータID: AXSA:2021-2391:01

Release date: 
Tuesday, August 31, 2021 - 05:40
Subject: 
ruby:2.7 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.7.3).

Security Fix(es):

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Resolv::DNS: ruby:2.7/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero

CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Modularity name:ruby
Stream name: 2.7

Solution: 

Update packages.

CVEs: 
CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Additional Info: 

N/A

Download: 

SRPMS
  1. rubygem-abrt-0.4.0-1.module+el8+1289+76896822.src.rpm
    MD5: 6d46f921f5d9cf4c6bf231d108319b4c
    SHA-256: 853a30eefe92548d2d4f1bcf084868c141522e42a57f26f83724e377b230dcab
    Size: 16.63 kB
  2. rubygem-bson-4.8.1-1.module+el8+1289+76896822.src.rpm
    MD5: 5e11b51a2e922d68c073797ad5498313
    SHA-256: 456eaff49c742036a0c2109d3643e1369c5820ed191a47f9239514921ffbd24c
    Size: 130.27 kB
  3. rubygem-mongo-2.11.3-1.module+el8+1289+76896822.src.rpm
    MD5: 469ed093ca082c63c39552ddd48a4bed
    SHA-256: 4c4e73b79ace7040d4eec9eb66d5b8ffa0b926e56b25e8b8d3b310c1519c32c0
    Size: 648.34 kB
  4. rubygem-mysql2-0.5.3-1.module+el8+1289+76896822.src.rpm
    MD5: 5c317b42fdcdb7c0a95a234dc53c7899
    SHA-256: 182a896564061db2e9c190dd812feb732756dd934662d801f1a2a2dae8901ae7
    Size: 109.14 kB
  5. rubygem-pg-1.2.3-1.module+el8+1289+76896822.src.rpm
    MD5: 12a46508865fc0d1a65039430d70481f
    SHA-256: e05220802fa2ddedb09adb17c18a8ca68b270b14bfd402905762cc0c1b4897e5
    Size: 201.29 kB
  6. ruby-2.7.3-136.module+el8+1289+76896822.src.rpm
    MD5: 17246897fbd89bd40caaf1c0d5ca0b6d
    SHA-256: bbd36a7eff60d58a5ffda0187aec5185605ba77fc45010d0323228c7313c0c0b
    Size: 11.62 MB

Asianux Server 8 for x86_64
  1. rubygem-abrt-0.4.0-1.module+el8+1289+76896822.noarch.rpm
    MD5: 0837c7ed2b8d0a886ac1e8387f2c94cd
    SHA-256: 86a6ec4fa254efb8980107b730bc42992a895f63f67c9253aeadd4d149c202bf
    Size: 12.55 kB
  2. rubygem-abrt-doc-0.4.0-1.module+el8+1289+76896822.noarch.rpm
    MD5: 24e548a06c03c39de8ab2628443737fe
    SHA-256: 93bf8fa0d878ce06241666f3eb5bff0e1e918d9331bc9adb6e613183f035ea4c
    Size: 198.15 kB
  3. rubygem-bson-4.8.1-1.module+el8+1289+76896822.x86_64.rpm
    MD5: c28458ed70fc023e796a33d175cd0b1f
    SHA-256: a906fc601041ad028c38668fb1311b80278b5da1a556f191841f7f0eb39fa6c4
    Size: 66.19 kB
  4. rubygem-bson-debugsource-4.8.1-1.module+el8+1289+76896822.x86_64.rpm
    MD5: 8283294d8d5c73fb699c02680fc0bbd9
    SHA-256: eec61241e9cb9beb2287833f7fc1a985937e9137f3317b5e90d260ce1738d04f
    Size: 24.87 kB
  5. rubygem-bson-doc-4.8.1-1.module+el8+1289+76896822.noarch.rpm
    MD5: 0bbcc033880e091389ae616b27c9b262
    SHA-256: dc6939aee8177866696325b7b493003caa7fd6409e34a996739029381f516c71
    Size: 421.58 kB
  6. rubygem-mongo-2.11.3-1.module+el8+1289+76896822.noarch.rpm
    MD5: 177dca3086787005132c97038e5f0947
    SHA-256: c775c9f7254f9d196624f5d1446c10bc53b672f0423941e953bf6f585f2ba512
    Size: 296.85 kB
  7. rubygem-mongo-doc-2.11.3-1.module+el8+1289+76896822.noarch.rpm
    MD5: cc669610ddec32fabdfd8f421c637928
    SHA-256: 8e7eea1c5c446b25418b813e8e59caedbfb192485d53f8e78d5e3769bc4cc9f1
    Size: 1.65 MB
  8. rubygem-mysql2-0.5.3-1.module+el8+1289+76896822.x86_64.rpm
    MD5: 88e1b3c2ccf0182d5901c2c6db516330
    SHA-256: 5501c781eeeb11332aad70121c2a14821350fd08ce180f97f063b7f7d823e139
    Size: 46.54 kB
  9. rubygem-mysql2-debugsource-0.5.3-1.module+el8+1289+76896822.x86_64.rpm
    MD5: 91717d22407e5e3c12909cd3bcb47675
    SHA-256: 0a29a0f1fbbf2e127f3315029353e7c9e436e784ccf9e7542e72c3e91218e59e
    Size: 36.71 kB
  10. rubygem-mysql2-doc-0.5.3-1.module+el8+1289+76896822.noarch.rpm
    MD5: aa697dc8bc647989766976ded4da49e0
    SHA-256: 5bae0f52a44d5d4516408d525d39f665924c30945b71563a98d639dd3724bdd7
    Size: 247.20 kB
  11. rubygem-pg-1.2.3-1.module+el8+1289+76896822.x86_64.rpm
    MD5: 9508292022c6fb0d332c8a6e38305999
    SHA-256: b03379c5984919392818c7e09a9b4b57591afcb0c72907829573b30f9cf46713
    Size: 99.88 kB
  12. rubygem-pg-debugsource-1.2.3-1.module+el8+1289+76896822.x86_64.rpm
    MD5: 6edb2e6eb135935c2eb79abeb31f90ef
    SHA-256: c1e5d22b47bf05ac02bd082346ca591ded7e36e03453068f52c8a7a97ebbb09a
    Size: 98.11 kB
  13. rubygem-pg-doc-1.2.3-1.module+el8+1289+76896822.noarch.rpm
    MD5: 77f68b223d1dc8934502e39bff26d348
    SHA-256: 70ca0b3362d1c3ac10bad0a10fc9308bf7b3df3afb4274e2863f1b699405ca6b
    Size: 525.96 kB
  14. ruby-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
    MD5: 48afd1f79108b6c5938e5e64fe8645f0
    SHA-256: d82c9fd58ecce219fbcb6aceceb25135ea280b028683284b3d22253dca230d2e
    Size: 86.97 kB
  15. ruby-debugsource-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
    MD5: 3cff94c0d72165a6c07b9334ea95710b
    SHA-256: 1ae995e952585d9a78ec55216648930468772e2ed92097194443beeaa1250d7a
    Size: 3.93 MB
  16. ruby-default-gems-2.7.3-136.module+el8+1289+76896822.noarch.rpm
    MD5: 3d338285fac51e5b5284459763600cd8
    SHA-256: 38e04f04fcd8fab797487971b103704c44d2665a0ccd430db132d36a63d29f60
    Size: 71.76 kB
  17. ruby-devel-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
    MD5: dd936d81f3f46f60278257942d652495
    SHA-256: 8d804ff964e6eb15d37a55e9c472ccf2a1b18488cc01f1a81dbe3758f9cbd425
    Size: 260.30 kB
  18. ruby-doc-2.7.3-136.module+el8+1289+76896822.noarch.rpm
    MD5: 17a2faabda65ca54833dfb459a95e99b
    SHA-256: c89b0fa886c3f3e7692991f7faefe0435222f13125797b6dae2117d9224fce25
    Size: 6.43 MB
  19. ruby-libs-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
    MD5: 07601723ca661735567258bd7f91c942
    SHA-256: 6ac2382dc04ef1a66fa0ae850dd2f2c1e8dba63f771484310a43ddff7f2af30b
    Size: 3.18 MB
  20. rubygem-bigdecimal-2.0.0-136.module+el8+1289+76896822.x86_64.rpm
    MD5: 8db53567bfc5d7aceb455765cd453e80
    SHA-256: ca7a6dfa274ed39c81e165729c68e900b3777650c9b40ad599df9d20b9987c87
    Size: 99.04 kB
  21. rubygem-bundler-2.1.4-136.module+el8+1289+76896822.noarch.rpm
    MD5: 128da001a748571284eabdbe6498b64c
    SHA-256: fc551b8480f0ced66d96d2305b5afc941e005d39b864a240df3fe0ab52a5234f
    Size: 386.28 kB
  22. rubygem-io-console-0.5.6-136.module+el8+1289+76896822.x86_64.rpm
    MD5: bc565d95d6e19dc59bcc34648bbb3569
    SHA-256: ca3e1378a5c95b15582f35d290ae3a164900da6a568d766cb0d355849a414fe7
    Size: 69.75 kB
  23. rubygem-irb-1.2.6-136.module+el8+1289+76896822.noarch.rpm
    MD5: 4fbe3cfb362405a92a2f7c7adec538da
    SHA-256: d450ea40d32177e46495935a73c33b37dbcc3c838fc143be08194ff89c56ab9e
    Size: 114.47 kB
  24. rubygem-json-2.3.0-136.module+el8+1289+76896822.x86_64.rpm
    MD5: 33ec20dac19b6e5d4ab17cd841d81d12
    SHA-256: 93fb02da6a3ed367ce1f969fd15d00e7cac789dffded476424380da479db917c
    Size: 91.28 kB
  25. rubygem-minitest-5.13.0-136.module+el8+1289+76896822.noarch.rpm
    MD5: f3c96d22919a97a17990400addbc787b
    SHA-256: c0ffbafa8138dac324bca64502253ea5ae20eafb7c646b2fd5b6196340086ad2
    Size: 128.67 kB
  26. rubygem-net-telnet-0.2.0-136.module+el8+1289+76896822.noarch.rpm
    MD5: 3b283cf091b132193e474ebba08c95fc
    SHA-256: e0979f3db1b6ad984fba7a9771bb8114f965d2e8c3417d99c6e67519872c1026
    Size: 69.94 kB
  27. rubygem-openssl-2.1.2-136.module+el8+1289+76896822.x86_64.rpm
    MD5: c854090334e29404aaf8f2cc6f8fc56c
    SHA-256: 92c752f686197decab05d5c556ff2ebbc5f1da5199c326ca9eab3379db21e30f
    Size: 194.76 kB
  28. rubygem-power_assert-1.1.7-136.module+el8+1289+76896822.noarch.rpm
    MD5: ac8ce711f495d72a39ef39510bea798f
    SHA-256: 4ad0a04770487a14c3d76891411c65b082785714d87b760ecd4e5e9bef168385
    Size: 69.31 kB
  29. rubygem-psych-3.1.0-136.module+el8+1289+76896822.x86_64.rpm
    MD5: f99f606845685c1b0a2ef8f8779aae9a
    SHA-256: 491288a8b113cd7dfdaa4701345f2919b95aaf80b1d45e5489fb64185b009949
    Size: 95.35 kB
  30. rubygem-rake-13.0.1-136.module+el8+1289+76896822.noarch.rpm
    MD5: cb0e37ca1c4d35c664572bc00f5d4958
    SHA-256: ffa2861a467adaad4918209959da0f629a2702a665e5c6840bec503bf42b049a
    Size: 140.97 kB
  31. rubygem-rdoc-6.2.1-136.module+el8+1289+76896822.noarch.rpm
    MD5: 34c0606dc0a8fba10c6c116847625585
    SHA-256: 58dccc72c295bad62e46d23bfe0efe51228957b81e426c229df588c9f4a8fd48
    Size: 452.91 kB
  32. rubygem-test-unit-3.3.4-136.module+el8+1289+76896822.noarch.rpm
    MD5: e847edef6fc27f66554c7a416b3c6fed
    SHA-256: 91a85366be570f9d3e6650713dc42416113614c0a5fc9c85028d81e26f5058e9
    Size: 184.90 kB
  33. rubygem-xmlrpc-0.3.0-136.module+el8+1289+76896822.noarch.rpm
    MD5: 3f69b5db24c2ef2a2d7ee669f314cca2
    SHA-256: 56193002d2546236c323d64a915d18d1e08261ac729ae8057462d95dbbc273b7
    Size: 81.43 kB
  34. rubygems-3.1.6-136.module+el8+1289+76896822.noarch.rpm
    MD5: a01ab51a073c929655374e52ec930307
    SHA-256: f4deab50705d1f2f88dc3e33c46e99ac7e69555090107f4eea5446ce26685758
    Size: 306.73 kB
  35. rubygems-devel-3.1.6-136.module+el8+1289+76896822.noarch.rpm
    MD5: ebe4a94057f1640e8595383d7423be71
    SHA-256: 6711f761f4014237460f16c40d5863095c60e3689e7dd9af59954dfc2d742394
    Size: 59.70 kB
  36. ruby-2.7.3-136.module+el8+1289+76896822.i686.rpm
    MD5: 8bf01615dd8197bcd7cc7b251622fff8
    SHA-256: 735a19c00ac03c426d21564db3cab94b811961ec25b1a8eb711fd1bc065426a6
    Size: 87.08 kB
  37. ruby-debugsource-2.7.3-136.module+el8+1289+76896822.i686.rpm
    MD5: 9d5f79855a6b4b197257ed9b03141602
    SHA-256: 4b83310cf176e567469aa6d3efe499cdc64880d035740d64ca181661ee8226fe
    Size: 3.93 MB
  38. ruby-devel-2.7.3-136.module+el8+1289+76896822.i686.rpm
    MD5: 7b3fb2665c6d55f89c08fd2487aae140
    SHA-256: 804f1d84e61108242aa4fa60bab52826d101bbe7b541015b2ba4108bd4711f02
    Size: 259.87 kB
  39. ruby-libs-2.7.3-136.module+el8+1289+76896822.i686.rpm
    MD5: 26ca4666aba5859d60236656c1e342a2
    SHA-256: b550090534a95ce4da39f876eaea9a0930b9d5e6080a8524d71bf793d62a3f77
    Size: 3.30 MB
  40. rubygem-bigdecimal-2.0.0-136.module+el8+1289+76896822.i686.rpm
    MD5: 8190089e3990dc1d5479acbfbdee4b77
    SHA-256: 1c2dd9ffc269971b543eb1b65c44c7da2ca75bcd98aa2ee4f13bb7ca56ed18ff
    Size: 102.26 kB
  41. rubygem-io-console-0.5.6-136.module+el8+1289+76896822.i686.rpm
    MD5: 8f9c1b82095d5aaf855db6e662c8e0bb
    SHA-256: d125d5cec2dc93518ef9b731c4cc75ede363c2f6a3ee9850a506fb12dc53f2a3
    Size: 71.39 kB
  42. rubygem-json-2.3.0-136.module+el8+1289+76896822.i686.rpm
    MD5: 9dabd5522932a52c811c8c5429873684
    SHA-256: 7b8e6006088c93c533a493b49fcb192aa3268d96b3889437c5db1c759ab7666d
    Size: 92.87 kB
  43. rubygem-openssl-2.1.2-136.module+el8+1289+76896822.i686.rpm
    MD5: 15f280ac7b9a19565e22e3f7ca153ebe
    SHA-256: e4973de9d191544a731a25743555d1411f8b6f5c55362167003abf7abcb994a3
    Size: 207.06 kB
  44. rubygem-psych-3.1.0-136.module+el8+1289+76896822.i686.rpm
    MD5: 98ea49e011128993fc4a92d47df497eb
    SHA-256: 8fab47c40ab55e5ddcbcf2d78eb724c1451070f0142374fe5d3c30392c009bd1
    Size: 96.67 kB