[El-errata] ELSA-2019-1235 Important: Oracle Linux 7 ruby security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed May 15 18:14:44 PDT 2019


Oracle Linux Security Advisory ELSA-2019-1235

http://linux.oracle.com/errata/ELSA-2019-1235.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
ruby-2.0.0.648-35.el7_6.x86_64.rpm
ruby-devel-2.0.0.648-35.el7_6.x86_64.rpm
ruby-doc-2.0.0.648-35.el7_6.noarch.rpm
ruby-irb-2.0.0.648-35.el7_6.noarch.rpm
ruby-libs-2.0.0.648-35.el7_6.i686.rpm
ruby-libs-2.0.0.648-35.el7_6.x86_64.rpm
ruby-tcltk-2.0.0.648-35.el7_6.x86_64.rpm
rubygem-bigdecimal-1.2.0-35.el7_6.x86_64.rpm
rubygem-io-console-0.4.2-35.el7_6.x86_64.rpm
rubygem-json-1.7.7-35.el7_6.x86_64.rpm
rubygem-minitest-4.3.2-35.el7_6.noarch.rpm
rubygem-psych-2.0.0-35.el7_6.x86_64.rpm
rubygem-rake-0.9.6-35.el7_6.noarch.rpm
rubygem-rdoc-4.0.0-35.el7_6.noarch.rpm
rubygems-2.0.14.1-35.el7_6.noarch.rpm
rubygems-devel-2.0.14.1-35.el7_6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ruby-2.0.0.648-35.el7_6.src.rpm



Description of changes:

[2.0.0.648-35]
- Introduce `Gem::UserInteraction#verbose` method as precondition to fix
   CVE-2019-8321.
   * rubygems-2.3.0-refactor-checking-really_verbose.patch
- Fix escape sequence injection vulnerability in verbose.
- Fix escape sequence injection vulnerability in gem owner.
- Fix escape sequence injection vulnerability in API response handling.
- Prohibit arbitrary code execution when installing a malicious gem.
- Fix escape sequence injection vulnerability in errors.
   * ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
   Resolves: rhbz#1699283

[2.0.0.648-35]
- Refresh expired certificates.




More information about the El-errata mailing list