rh-ruby27-ruby-2.7.6-131.el7

Errata ID: AXSA:2022-3889:01

Release date: Tuesday, October 11, 2022 - 13:01
Subject: rh-ruby27-ruby-2.7.6-131.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby27-ruby (2.7.6).

Security Fix(es):

* ruby: buffer overflow in CGI.escape_html (CVE-2021-41816)
* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-41816
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2022-28739
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rh-ruby27-ruby-2.7.6-131.el7.src.rpm
    Size: 40.09 MB

Asianux Server 7 for x86_64
  1. rh-ruby27-ruby-2.7.6-131.el7.x86_64.rpm
    Size: 79.38 kB
  2. rh-ruby27-ruby-devel-2.7.6-131.el7.x86_64.rpm
    Size: 246.68 kB
  3. rh-ruby27-ruby-doc-2.7.6-131.el7.noarch.rpm
    Size: 6.78 MB
  4. rh-ruby27-rubygem-bigdecimal-2.0.0-131.el7.x86_64.rpm
    Size: 90.06 kB
  5. rh-ruby27-rubygem-bundler-2.2.24-131.el7.noarch.rpm
    Size: 440.83 kB
  6. rh-ruby27-rubygem-did_you_mean-1.4.0-131.el7.noarch.rpm
    Size: 61.48 kB
  7. rh-ruby27-rubygem-io-console-0.5.6-131.el7.x86_64.rpm
    Size: 62.21 kB
  8. rh-ruby27-rubygem-irb-1.2.6-131.el7.noarch.rpm
    Size: 102.55 kB
  9. rh-ruby27-rubygem-json-2.3.0-131.el7.x86_64.rpm
    Size: 83.37 kB
  10. rh-ruby27-rubygem-minitest-5.13.0-131.el7.noarch.rpm
    Size: 122.77 kB
  11. rh-ruby27-rubygem-net-telnet-0.2.0-131.el7.noarch.rpm
    Size: 63.72 kB
  12. rh-ruby27-rubygem-openssl-2.1.3-131.el7.x86_64.rpm
    Size: 180.36 kB
  13. rh-ruby27-rubygem-power_assert-1.1.7-131.el7.noarch.rpm
    Size: 63.20 kB
  14. rh-ruby27-rubygem-psych-3.1.0-131.el7.x86_64.rpm
    Size: 88.43 kB
  15. rh-ruby27-rubygem-racc-1.4.16-131.el7.x86_64.rpm
    Size: 94.19 kB
  16. rh-ruby27-rubygem-rake-13.0.1-131.el7.noarch.rpm
    Size: 135.38 kB
  17. rh-ruby27-rubygem-rdoc-6.2.1.1-131.el7.noarch.rpm
    Size: 448.62 kB
  18. rh-ruby27-rubygems-3.1.6-131.el7.noarch.rpm
    Size: 314.65 kB
  19. rh-ruby27-rubygems-devel-3.1.6-131.el7.noarch.rpm
    Size: 51.00 kB
  20. rh-ruby27-rubygem-test-unit-3.3.4-131.el7.noarch.rpm
    Size: 180.76 kB
  21. rh-ruby27-rubygem-xmlrpc-0.3.0-131.el7.noarch.rpm
    Size: 75.27 kB
  22. rh-ruby27-ruby-libs-2.7.6-131.el7.x86_64.rpm
    Size: 3.04 MB