ruby:2.5 security update

エラータID: AXSA:2022-3087:01

Release date: 
Friday, February 25, 2022 - 07:08
Subject: 
ruby:2.5 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
* ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
* ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVE-2021-31810
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Modularity name: ruby
Stream name: 2.5

Solution: 

Update packages.

CVEs: 
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVE-2021-31810
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Additional Info: 

N/A

Download: 

SRPMS
  1. rubygem-abrt-0.3.0-4.module+el8+1399+2709a808.src.rpm
    MD5: e09c2c72de5b9705c623edda05e500e2
    SHA-256: 248908847a8538f65129ffadcbd082f8794d303052e09402f450184c44ad01d6
    Size: 16.03 kB
  2. rubygem-bson-4.3.0-2.module+el8+1399+2709a808.src.rpm
    MD5: 159da341fe57adf7dc7ada56c573a362
    SHA-256: 81ea9d2320f833f7c2b6b62ada98ecfe6e8790ed59746e946737210b65df42cf
    Size: 90.08 kB
  3. rubygem-bundler-1.16.1-4.module+el8+1399+2709a808.src.rpm
    MD5: fe8d6414061aff982e1d21632c18c114
    SHA-256: f5cba3c58e135adaf824f0e08829dc0cd7306363c805e1a329f402e8def38002
    Size: 14.64 MB
  4. rubygem-mongo-2.5.1-2.module+el8+1399+2709a808.src.rpm
    MD5: 5d8c4f41a3729ca5b642f93f1dbab726
    SHA-256: 70dccd9f0b18b6344d702c6eebee74d32e270368a97b9274a7843645c902150f
    Size: 338.58 kB
  5. rubygem-mysql2-0.4.10-4.module+el8+1399+2709a808.src.rpm
    MD5: bdf71c6e9d4bc450d089bb4219bf3d2e
    SHA-256: 2f848c63ee2b366c8da71de80b4bc231951a1f09f994767de39646bd7401750c
    Size: 108.16 kB
  6. rubygem-pg-1.0.0-2.0.1.module+el8+1399+2709a808.src.rpm
    MD5: c356baad46f0cc4653b0a13a1e8cccec
    SHA-256: 554b0fb44a08b1f76b73053ae6ad963808a16dc78c8d9a1a80c69fdf7ab0927d
    Size: 218.64 kB
  7. ruby-2.5.9-109.module+el8+1399+2709a808.src.rpm
    MD5: 80d15010116b2e31975ba8c8bad822a7
    SHA-256: 5f26d2cedc6516d60edd46bd37bb52734e881d5b15caf018886fbb6225af166c
    Size: 10.92 MB

Asianux Server 8 for x86_64
  1. rubygem-abrt-0.3.0-4.module+el8+1399+2709a808.noarch.rpm
    MD5: 3847912a40a270266011d367c864c1ab
    SHA-256: 7b4ea75003453ad009529c903946241516f7161d79ef8bb5e9eda31265c61cd9
    Size: 12.49 kB
  2. rubygem-abrt-doc-0.3.0-4.module+el8+1399+2709a808.noarch.rpm
    MD5: a0ba3168ebc1235355054a31a99c853b
    SHA-256: fcee521907b38ef2e92e82d9ba8a579fa87dd51404c966a3e27c67c941996ae5
    Size: 198.15 kB
  3. rubygem-bson-4.3.0-2.module+el8+1399+2709a808.x86_64.rpm
    MD5: a488be14f99341608788bb07bc0c9ea1
    SHA-256: 5ad09007486644c3854b1d7feead6ddb697598dc75358709fd3563c3a200b551
    Size: 53.37 kB
  4. rubygem-bson-debugsource-4.3.0-2.module+el8+1399+2709a808.x86_64.rpm
    MD5: b0c21953050231167b82f26b478fcd39
    SHA-256: a645bd2552d1702b5b6bcbb92443517ad343432968bfdba3c1f685d1e9fc8805
    Size: 19.73 kB
  5. rubygem-bson-doc-4.3.0-2.module+el8+1399+2709a808.noarch.rpm
    MD5: 3a6c487cd5de76694dc66308c2a1087c
    SHA-256: 801c50a87bb97110b5a3758d12552b337d48e07a39e255850e0d8226693e787a
    Size: 373.78 kB
  6. rubygem-bundler-1.16.1-4.module+el8+1399+2709a808.noarch.rpm
    MD5: b06c808f1c27d7f3404242920da60128
    SHA-256: 652d43189b8d59d12e93c69ef1b97e035333d76b6719043aff2dbc1c047df919
    Size: 351.86 kB
  7. rubygem-bundler-doc-1.16.1-4.module+el8+1399+2709a808.noarch.rpm
    MD5: 51f31f14341b40ce5ece423ae7672637
    SHA-256: 7093a1c9a2e4e48c1678527d4c4f733432d3d29e4c222538d0f968dc453399a7
    Size: 1.23 MB
  8. rubygem-mongo-2.5.1-2.module+el8+1399+2709a808.noarch.rpm
    MD5: d7dac5b675bf4e10adc4ebdd1c6772f8
    SHA-256: 1bf64fd4ff29d9eadeca05cf1aeb0b210b1da7410e9997b80cd4599d95336622
    Size: 184.40 kB
  9. rubygem-mongo-doc-2.5.1-2.module+el8+1399+2709a808.noarch.rpm
    MD5: 5c33ca4a0b9504a31d221c12aecf5a58
    SHA-256: 24eb126a264dd7a28dd4ef360d3a23beac2a3d9884f664d4153f555d9e10a8c1
    Size: 1.20 MB
  10. rubygem-mysql2-0.4.10-4.module+el8+1399+2709a808.x86_64.rpm
    MD5: 74e9d5d5affd94c43bb6043b8e0941a4
    SHA-256: 45d2efe64875992577631a2de24e060783a0a3db56c0e21f0752c23c7234eb81
    Size: 44.13 kB
  11. rubygem-mysql2-debugsource-0.4.10-4.module+el8+1399+2709a808.x86_64.rpm
    MD5: 96cd15e194e22dd1d12dbfe01ecd55f9
    SHA-256: ef8125b923a02cb76d63cd9309f2a56bc6cd2940277a1f888195ef7ee08454cc
    Size: 35.86 kB
  12. rubygem-mysql2-doc-0.4.10-4.module+el8+1399+2709a808.noarch.rpm
    MD5: 8f89dfa356a70df11c03bf1225a263d7
    SHA-256: b7862bd5dbde0335313185e019bc0834ac24cff224ef066bc839d64b831b9749
    Size: 275.23 kB
  13. rubygem-pg-1.0.0-2.0.1.module+el8+1399+2709a808.x86_64.rpm
    MD5: cdcbe1d9864a591b969cb30cf86cdad1
    SHA-256: a5b7eff4f00bfb4ad95f69b0d5ee6b383637dd031cdaf5056beb67375722d30b
    Size: 86.21 kB
  14. rubygem-pg-debugsource-1.0.0-2.0.1.module+el8+1399+2709a808.x86_64.rpm
    MD5: b11b70ac4271c1eab86c28f1b00a9351
    SHA-256: 6c9bc32a6424e80cda681675f74c68f95827685cb52d177882515fe72f0a52db
    Size: 81.29 kB
  15. rubygem-pg-doc-1.0.0-2.0.1.module+el8+1399+2709a808.noarch.rpm
    MD5: 6bbb7731fa9f17fe645420eb5e65e51f
    SHA-256: ce05804e25dba57e9099d0a410f3588b5908c8bd6750526538f3ed00917a8119
    Size: 522.82 kB
  16. ruby-2.5.9-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: b5966f8b27af8605603b1d6d517cd443
    SHA-256: 966ee603727a340deace50e548e2f7cc381f6d080fe49f84d030ebb58141e72c
    Size: 85.85 kB
  17. ruby-debugsource-2.5.9-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 75c6d47e6208316c8d5338e7bdba5852
    SHA-256: a8609d10206a820e1b205aaec85425f6cb08e4d3ea92fbc8a305d77dee1cd9f9
    Size: 3.68 MB
  18. ruby-devel-2.5.9-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: fe91878d136e98d6696eb0b2f4a53fb3
    SHA-256: b3013ffbcc9f626236b0be2a62dee0f735e40bbfc569aff65cfa9579d15ca110
    Size: 125.26 kB
  19. ruby-doc-2.5.9-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 7b7acca597fbc5f14a7c46c7cc528763
    SHA-256: 48054b32787e261d6a376fc18318169f563f8d7b790fcc777608edad3cf0f7ba
    Size: 5.33 MB
  20. ruby-irb-2.5.9-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 65140455f9ff41ea3e5d22d73a59d97f
    SHA-256: 52871d9b00a32a002232df013412a8e0c3f7ec82d5a88f202ac2bc78d5567a9e
    Size: 101.35 kB
  21. ruby-libs-2.5.9-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 03763323da8be34812e88ed5a6422751
    SHA-256: 64c573dc9fa481f617041f7edbe6cb8a64aecf9ba63f66f7af03423e7398ae19
    Size: 2.92 MB
  22. rubygem-bigdecimal-1.3.4-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 08bb43cce2ba6b429cb0af78dd1346ba
    SHA-256: 6d168ffc0e58e5e5e2c23941356ff4d13c3b7366fb86626793457dba16b11e62
    Size: 96.50 kB
  23. rubygem-did_you_mean-1.2.0-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 44b8d82b27999a2f5d7996c279c7dbfe
    SHA-256: 9e5e78e2b46d46adb76bac6e743bc0256aab6b0ce39e014c385f3b46e899eed0
    Size: 80.48 kB
  24. rubygem-io-console-0.4.6-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 1f7826d5a989f4d48bdb1bdd8f3b13d1
    SHA-256: 1d16d53713a9ef5805bba8fb6ced6230db1d6b633ac344a4522452400d5f84bf
    Size: 65.87 kB
  25. rubygem-json-2.1.0-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 489d85413c0628b1301e22512c5b62f6
    SHA-256: 773989aaaa7c02adbc30d1c34710c64374c602f6c93ab966f0c3f119b0b5bc0f
    Size: 89.78 kB
  26. rubygem-minitest-5.10.3-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 914c0a7dcf91ce668676529e3dcfef54
    SHA-256: 4dca4aa0007d010448be3413ef4fd83a17884356d56c93fa6c4237b99f5cec7d
    Size: 121.79 kB
  27. rubygem-net-telnet-0.1.1-109.module+el8+1399+2709a808.noarch.rpm
    MD5: eb9f85b38516297ac38cdb1fa0e7e7c3
    SHA-256: 21b296ca98bf9c5acc5e7d948e4d42cb2a52b8e5806a64e90ebfe183ab466442
    Size: 69.49 kB
  28. rubygem-openssl-2.1.2-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 1b1a649bb4a05c71c2969d2ccb1c8b27
    SHA-256: 23eef7100520150264d816e067e7bf942d28bc0e214f2332024981f90ffb9c8a
    Size: 188.58 kB
  29. rubygem-power_assert-1.1.1-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 53b13ce8fdd6ce888803dcf0d3108f70
    SHA-256: 8cd30f5e31bba98c2c9be05d920854e061fb8d0acc62cf09f4ee78c081203f6c
    Size: 68.57 kB
  30. rubygem-psych-3.0.2-109.module+el8+1399+2709a808.x86_64.rpm
    MD5: 8ee13031253b56a1d6398971c0ae3c58
    SHA-256: 2bdcc7c8537f4a8da623d728094f8a72e6c2abb687b2f0c82b1b54f0423c9709
    Size: 94.24 kB
  31. rubygem-rake-12.3.3-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 3c5cffe60e6242c0297ce2589b940990
    SHA-256: b223e9fc7e0d39b941feb42af48bd7fffba532944a43e869e4ec150a927d83a6
    Size: 140.59 kB
  32. rubygem-rdoc-6.0.1.1-109.module+el8+1399+2709a808.noarch.rpm
    MD5: ff2116a2d7c98e96449a48a4e468edf9
    SHA-256: ab86db90ca1ceaa88fde74adcd4cc8d856c0bebd5e1602dda445bcdf1126af7d
    Size: 454.97 kB
  33. rubygem-test-unit-3.2.7-109.module+el8+1399+2709a808.noarch.rpm
    MD5: ea2b4ccc5117faf9319cf40934644973
    SHA-256: 620d75a98534f0e9894cf04e14ea6f4fc4d990c214cb28d735b6bc6f3c9f1b84
    Size: 181.38 kB
  34. rubygem-xmlrpc-0.3.0-109.module+el8+1399+2709a808.noarch.rpm
    MD5: c5a348263c8068298fa8c25e4bd1a3c0
    SHA-256: 6b5ca1a481e5a99993e023ce751e1f49aaa2f75e0d8e4bbc529e01868629c99a
    Size: 81.07 kB
  35. rubygems-2.7.6.3-109.module+el8+1399+2709a808.noarch.rpm
    MD5: f788e61cd33a290d125a4e309ea8c66f
    SHA-256: 097a8ccaec2321c63fe622aa878fa793c4bdfe260e57f4752511d2f97c92895e
    Size: 307.30 kB
  36. rubygems-devel-2.7.6.3-109.module+el8+1399+2709a808.noarch.rpm
    MD5: 509c72626b05fd978616466d8f7a3f65
    SHA-256: bfcda073bd7963d6aa9553fb2986bdccc35afcf625e65571f765731c6be39a35
    Size: 59.39 kB
  37. rubygem-bson-4.3.0-2.module+el8+1399+2709a808.i686.rpm
    MD5: 29f7bc5973b54d73cf502b0f578e957a
    SHA-256: 6009f0c9396648d700c26c95f20d7dc5487716b9cf03861c902b537dff5ab535
    Size: 53.10 kB
  38. rubygem-bson-debugsource-4.3.0-2.module+el8+1399+2709a808.i686.rpm
    MD5: 9b032010e3d396e0e95622145144cdb8
    SHA-256: c2c4b91d7106d20bf794d8039565c76b697897df927097e3cd87283f95920243
    Size: 19.75 kB
  39. rubygem-mysql2-0.4.10-4.module+el8+1399+2709a808.i686.rpm
    MD5: dfbae8453d5fc3a80516c402d5ac1007
    SHA-256: 4f10118ff057a0c5e2a250aa37bf62d95c34c4a94dfe23ce725afa6b37d6d9b3
    Size: 46.82 kB
  40. rubygem-mysql2-debugsource-0.4.10-4.module+el8+1399+2709a808.i686.rpm
    MD5: 91c42f1bc686748d3db612e426c762e9
    SHA-256: e59b326f659eb06dd9e2bd7d80327a26ef280b3782834bd0ba6cd49da4b88950
    Size: 35.87 kB
  41. rubygem-pg-1.0.0-2.0.1.module+el8+1399+2709a808.i686.rpm
    MD5: 1b3a94985c552bacca5b55d45090a945
    SHA-256: 91df62c3b6807b044af1632f1196abddaf9103e57523b37038b38a87b7db4951
    Size: 92.71 kB
  42. rubygem-pg-debugsource-1.0.0-2.0.1.module+el8+1399+2709a808.i686.rpm
    MD5: cdcd3a9fe72a9dd15562cdf6127936d6
    SHA-256: 819d7b02c8ce2268c4ba326e739f9712b671ec1072f71ff99ebd922967212f2e
    Size: 81.30 kB
  43. ruby-2.5.9-109.module+el8+1399+2709a808.i686.rpm
    MD5: a847473449117535689fce2872ee4dc0
    SHA-256: 23bbe63d48889de5f046edb676c69aa0e05e5a6f56cf9fbafc279b202db7392f
    Size: 85.96 kB
  44. ruby-debugsource-2.5.9-109.module+el8+1399+2709a808.i686.rpm
    MD5: 59c98e32c76e85b6b405a03447fbc2c4
    SHA-256: 1f38ff1e1711da1c12abc08a5d571818c6ef86250d906de4cf2e610df507283d
    Size: 3.67 MB
  45. ruby-devel-2.5.9-109.module+el8+1399+2709a808.i686.rpm
    MD5: d8b474e2afa5cd8134cd09cc7591c348
    SHA-256: bd211cadca0041aeda4e151dbc7c9ca1249da81d3813b06f90f38454396502ae
    Size: 125.29 kB
  46. ruby-libs-2.5.9-109.module+el8+1399+2709a808.i686.rpm
    MD5: c22993eb7a6d3cbdc515172d37c46041
    SHA-256: 23fa7d2581ae494ce05f86f878bd7c6d1d93860f5cac80925c283fccd64ea1c3
    Size: 3.03 MB
  47. rubygem-bigdecimal-1.3.4-109.module+el8+1399+2709a808.i686.rpm
    MD5: bcb5805795a8386e76dc41645d98e86c
    SHA-256: 3ee7ddd417886b4117df4f28c603edfc4e50b7262a87bda81f1c177ff79b06e5
    Size: 99.39 kB
  48. rubygem-io-console-0.4.6-109.module+el8+1399+2709a808.i686.rpm
    MD5: c5246261d75390fae3d0dbc85527e5db
    SHA-256: 87b45315d05db7674c1d88dcb6efb3c96ff9d1770a528a16a30f51f5e6d7c2ae
    Size: 66.80 kB
  49. rubygem-json-2.1.0-109.module+el8+1399+2709a808.i686.rpm
    MD5: 026138edb10ed41686626d227a4e8b74
    SHA-256: 593036e332440a8aff8277128eb6b2f801bba77967003b863fd3a3d290df8dc8
    Size: 90.97 kB
  50. rubygem-openssl-2.1.2-109.module+el8+1399+2709a808.i686.rpm
    MD5: e779c076cc39ec17b2d9bf98ab612a7e
    SHA-256: 1a48a0b27150e61834de84bbed1c8c5f45a38faa136a217b4f848914e7c4b127
    Size: 200.83 kB
  51. rubygem-psych-3.0.2-109.module+el8+1399+2709a808.i686.rpm
    MD5: e0f8dd62e7907c100cc0f4a05bbfa483
    SHA-256: e02ad03df76aac65aac48cc079ce80d1abcbba74497162248ea5925d5ec168f9
    Size: 95.70 kB