ruby:2.7 security, bug fix, and enhancement update
Errata ID: AXSA:2021-2391:01
Release date:
2021/08/31 Tuesday - 05:40
Title:
ruby:2.7 security, bug fix, and enhancement update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
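The following issues have been addressed.
[Security Fix]
- WEBrick, a simple HTTP server bundled with Ruby, does not rigorously check the
transfer-encoding header value. An attacker can exploit this issue to bypass a reverse
proxy that also checks the header value insufficiently, resulting in an HTTP request
smuggling attack. (CVE-2020-25613)
- The REXML gem for Ruby does not properly address XML round-trip issues, so an
incorrect document can be produced after parsing and serializing. (CVE-2021-28965)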
Modularity name:ruby
Stream name: 2.7
Solution:
Update the packages.
CVE:
CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Additional information:
N/A
Downloads:
SRPMS
- rubygem-abrt-0.4.0-1.module+el8+1289+76896822.src.rpm
Size: 16.63 kB
- rubygem-bson-4.8.1-1.module+el8+1289+76896822.src.rpm
Size: 130.27 kB
- rubygem-mongo-2.11.3-1.module+el8+1289+76896822.src.rpm
Size: 648.34 kB
- rubygem-mysql2-0.5.3-1.module+el8+1289+76896822.src.rpm
Size: 109.14 kB
- rubygem-pg-1.2.3-1.module+el8+1289+76896822.src.rpm
Size: 201.29 kB
- ruby-2.7.3-136.module+el8+1289+76896822.src.rpm
Size: 11.62 MB
Asianux Server 8 for x86_64
- rubygem-abrt-0.4.0-1.module+el8+1289+76896822.noarch.rpm
Size: 12.55 kB
- rubygem-abrt-doc-0.4.0-1.module+el8+1289+76896822.noarch.rpm
Size: 198.15 kB
- rubygem-bson-4.8.1-1.module+el8+1289+76896822.x86_64.rpm
Size: 66.19 kB
- rubygem-bson-debugsource-4.8.1-1.module+el8+1289+76896822.x86_64.rpm
Size: 24.87 kB
- rubygem-bson-doc-4.8.1-1.module+el8+1289+76896822.noarch.rpm
Size: 421.58 kB
- rubygem-mongo-2.11.3-1.module+el8+1289+76896822.noarch.rpm
Size: 296.85 kB
- rubygem-mongo-doc-2.11.3-1.module+el8+1289+76896822.noarch.rpm
Size: 1.65 MB
- rubygem-mysql2-0.5.3-1.module+el8+1289+76896822.x86_64.rpm
Size: 46.54 kB
- rubygem-mysql2-debugsource-0.5.3-1.module+el8+1289+76896822.x86_64.rpm
Size: 36.71 kB
- rubygem-mysql2-doc-0.5.3-1.module+el8+1289+76896822.noarch.rpm
Size: 247.20 kB
- rubygem-pg-1.2.3-1.module+el8+1289+76896822.x86_64.rpm
Size: 99.88 kB
- rubygem-pg-debugsource-1.2.3-1.module+el8+1289+76896822.x86_64.rpm
Size: 98.11 kB
- rubygem-pg-doc-1.2.3-1.module+el8+1289+76896822.noarch.rpm
Size: 525.96 kB
- ruby-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
Size: 86.97 kB
- ruby-debugsource-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
Size: 3.93 MB
- ruby-default-gems-2.7.3-136.module+el8+1289+76896822.noarch.rpm
Size: 71.76 kB
- ruby-devel-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
Size: 260.30 kB
- ruby-doc-2.7.3-136.module+el8+1289+76896822.noarch.rpm
Size: 6.43 MB
- ruby-libs-2.7.3-136.module+el8+1289+76896822.x86_64.rpm
Size: 3.18 MB
- rubygem-bigdecimal-2.0.0-136.module+el8+1289+76896822.x86_64.rpm
Size: 99.04 kB
- rubygem-bundler-2.1.4-136.module+el8+1289+76896822.noarch.rpm
Size: 386.28 kB
- rubygem-io-console-0.5.6-136.module+el8+1289+76896822.x86_64.rpm
Size: 69.75 kB
- rubygem-irb-1.2.6-136.module+el8+1289+76896822.noarch.rpm
Size: 114.47 kB
- rubygem-json-2.3.0-136.module+el8+1289+76896822.x86_64.rpm
Size: 91.28 kB
- rubygem-minitest-5.13.0-136.module+el8+1289+76896822.noarch.rpm
Size: 128.67 kB
- rubygem-net-telnet-0.2.0-136.module+el8+1289+76896822.noarch.rpm
Size: 69.94 kB
- rubygem-openssl-2.1.2-136.module+el8+1289+76896822.x86_64.rpm
Size: 194.76 kB
- rubygem-power_assert-1.1.7-136.module+el8+1289+76896822.noarch.rpm
Size: 69.31 kB
- rubygem-psych-3.1.0-136.module+el8+1289+76896822.x86_64.rpm
Size: 95.35 kB
- rubygem-rake-13.0.1-136.module+el8+1289+76896822.noarch.rpm
Size: 140.97 kB
- rubygem-rdoc-6.2.1-136.module+el8+1289+76896822.noarch.rpm
Size: 452.91 kB
- rubygem-test-unit-3.3.4-136.module+el8+1289+76896822.noarch.rpm
Size: 184.90 kB
- rubygem-xmlrpc-0.3.0-136.module+el8+1289+76896822.noarch.rpm
Size: 81.43 kB
- rubygems-3.1.6-136.module+el8+1289+76896822.noarch.rpm
Size: 306.73 kB
- rubygems-devel-3.1.6-136.module+el8+1289+76896822.noarch.rpm
Size: 59.70 kB
- ruby-2.7.3-136.module+el8+1289+76896822.i686.rpm
Size: 87.08 kB
- ruby-debugsource-2.7.3-136.module+el8+1289+76896822.i686.rpm
Size: 3.93 MB
- ruby-devel-2.7.3-136.module+el8+1289+76896822.i686.rpm
Size: 259.87 kB
- ruby-libs-2.7.3-136.module+el8+1289+76896822.i686.rpm
Size: 3.30 MB
- rubygem-bigdecimal-2.0.0-136.module+el8+1289+76896822.i686.rpm
Size: 102.26 kB
- rubygem-io-console-0.5.6-136.module+el8+1289+76896822.i686.rpm
Size: 71.39 kB
- rubygem-json-2.3.0-136.module+el8+1289+76896822.i686.rpm
Size: 92.87 kB
- rubygem-openssl-2.1.2-136.module+el8+1289+76896822.i686.rpm
Size: 207.06 kB
- rubygem-psych-3.1.0-136.module+el8+1289+76896822.i686.rpm
Size: 96.67 kB