Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-7551 (GCVE-0-2015-7551)
Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-06 07:51
VLAI?
EPSS
Summary
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2015-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "76060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "76060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
},
{
"name": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a",
"refsource": "CONFIRM",
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "76060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7551",
"datePublished": "2016-03-24T01:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-7551",
"date": "2026-05-09",
"epss": "0.00166",
"percentile": "0.37245"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.11.3\", \"matchCriteriaId\": \"D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.0-p647\", \"matchCriteriaId\": \"F7B036EA-235A-41A7-9CEB-3FA9C49FFDA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85A846FF-DD34-4DD6-BD61-09124C145E97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DF046E4-503B-4A10-BEAB-3144BD86EA49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FCA45F1-3038-413A-B8C3-EE366A4E6248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AE2B154-8126-4A38-BAB6-915207764FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"808FA8BE-71FC-4ADD-BDEA-637E8DF4E899\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"523417A8-F62B-48AF-B60B-CE9A200D4A9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAB1E0F8-F9B0-40E9-892E-C62729525CE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8F103B7-0E70-4490-9802-2CD6034E240B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35D36707-03B7-437C-B21D-A27D5C530117\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FCCD8F3-E667-42F2-9861-14EDFB16583A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F3CEF46-C95D-493B-A99B-7C90FDF27B47\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, seg\\u00fan se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) a trav\\u00e9s de una cadena manipulada, relacionado con el m\\u00f3dulo DL y la librer\\u00eda libffi. NOTA: esta vulnerabilidad existe por una regresi\\u00f3n de CVE-2009-5147.\"}]",
"id": "CVE-2015-7551",
"lastModified": "2024-11-21T02:36:58.063",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
"published": "2016-03-24T01:59:03.370",
"references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/76060\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0583\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://puppet.com/security/cve/ruby-dec-2015-security-fixes\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.apple.com/HT206167\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/76060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0583\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://puppet.com/security/cve/ruby-dec-2015-security-fixes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206167\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-7551\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-03-24T01:59:03.370\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, seg\u00fan se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena manipulada, relacionado con el m\u00f3dulo DL y la librer\u00eda libffi. NOTA: esta vulnerabilidad existe por una regresi\u00f3n de CVE-2009-5147.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.11.3\",\"matchCriteriaId\":\"D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0-p647\",\"matchCriteriaId\":\"F7B036EA-235A-41A7-9CEB-3FA9C49FFDA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85A846FF-DD34-4DD6-BD61-09124C145E97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF046E4-503B-4A10-BEAB-3144BD86EA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FCA45F1-3038-413A-B8C3-EE366A4E6248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AE2B154-8126-4A38-BAB6-915207764FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"808FA8BE-71FC-4ADD-BDEA-637E8DF4E899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"523417A8-F62B-48AF-B60B-CE9A200D4A9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAB1E0F8-F9B0-40E9-892E-C62729525CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F103B7-0E70-4490-9802-2CD6034E240B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35D36707-03B7-437C-B21D-A27D5C530117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FCCD8F3-E667-42F2-9861-14EDFB16583A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F3CEF46-C95D-493B-A99B-7C90FDF27B47\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/76060\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0583\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://puppet.com/security/cve/ruby-dec-2015-security-fixes\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT206167\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/76060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://puppet.com/security/cve/ruby-dec-2015-security-fixes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
RHSA-2026:8838
Vulnerability from csaf_redhat - Published: 2026-04-17 23:15 - Updated: 2026-05-08 14:59Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
ruby4.0:
* ruby4.0-4.0.0-33.3.hum1 (aarch64, x86_64)
* ruby4.0-bundled-gems-4.0.0-33.3.hum1 (aarch64, x86_64)
* ruby4.0-default-gems-4.0.0-33.3.hum1 (noarch)
* ruby4.0-devel-4.0.0-33.3.hum1 (aarch64, x86_64)
* ruby4.0-doc-4.0.0-33.3.hum1 (noarch)
* ruby4.0-libs-4.0.0-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-bigdecimal-4.0.1-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-bundler-4.0.3-33.3.hum1 (noarch)
* rubygem4.0-devel-4.0.3-33.3.hum1 (noarch)
* rubygem4.0-io-console-0.8.2-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-irb-1.16.0-33.3.hum1 (noarch)
* rubygem4.0-json-2.18.0-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-minitest-6.0.0-33.3.hum1 (noarch)
* rubygem4.0-power_assert-3.0.1-33.3.hum1 (noarch)
* rubygem4.0-psych-5.3.1-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-racc-1.8.1-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-rake-13.3.1-33.3.hum1 (noarch)
* rubygem4.0-rbs-3.10.0-33.3.hum1 (aarch64, x86_64)
* rubygem4.0-rdoc-7.0.3-33.3.hum1 (noarch)
* rubygem4.0-rexml-3.4.4-33.3.hum1 (noarch)
* rubygem4.0-rss-0.3.2-33.3.hum1 (noarch)
* rubygem4.0-rubygems-4.0.3-33.3.hum1 (noarch)
* rubygem4.0-test-unit-3.7.5-33.3.hum1 (noarch)
* rubygem4.0-typeprof-0.31.1-33.3.hum1 (noarch)
* ruby4.0-4.0.0-33.3.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
5.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Workaround
It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from the FTP server.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
6.2 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS).
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.
6.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.
5.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:8838
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
Acknowledgments
Apple Product Security team
Drew Yao
oCERT
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nruby4.0:\n * ruby4.0-4.0.0-33.3.hum1 (aarch64, x86_64)\n * ruby4.0-bundled-gems-4.0.0-33.3.hum1 (aarch64, x86_64)\n * ruby4.0-default-gems-4.0.0-33.3.hum1 (noarch)\n * ruby4.0-devel-4.0.0-33.3.hum1 (aarch64, x86_64)\n * ruby4.0-doc-4.0.0-33.3.hum1 (noarch)\n * ruby4.0-libs-4.0.0-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-bigdecimal-4.0.1-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-bundler-4.0.3-33.3.hum1 (noarch)\n * rubygem4.0-devel-4.0.3-33.3.hum1 (noarch)\n * rubygem4.0-io-console-0.8.2-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-irb-1.16.0-33.3.hum1 (noarch)\n * rubygem4.0-json-2.18.0-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-minitest-6.0.0-33.3.hum1 (noarch)\n * rubygem4.0-power_assert-3.0.1-33.3.hum1 (noarch)\n * rubygem4.0-psych-5.3.1-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-racc-1.8.1-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-rake-13.3.1-33.3.hum1 (noarch)\n * rubygem4.0-rbs-3.10.0-33.3.hum1 (aarch64, x86_64)\n * rubygem4.0-rdoc-7.0.3-33.3.hum1 (noarch)\n * rubygem4.0-rexml-3.4.4-33.3.hum1 (noarch)\n * rubygem4.0-rss-0.3.2-33.3.hum1 (noarch)\n * rubygem4.0-rubygems-4.0.3-33.3.hum1 (noarch)\n * rubygem4.0-test-unit-3.7.5-33.3.hum1 (noarch)\n * rubygem4.0-typeprof-0.31.1-33.3.hum1 (noarch)\n * ruby4.0-4.0.0-33.3.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8838",
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27820",
"url": "https://access.redhat.com/security/cve/CVE-2026-27820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3905",
"url": "https://access.redhat.com/security/cve/CVE-2008-3905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3657",
"url": "https://access.redhat.com/security/cve/CVE-2008-3657"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3656",
"url": "https://access.redhat.com/security/cve/CVE-2008-3656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3655",
"url": "https://access.redhat.com/security/cve/CVE-2008-3655"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-27282",
"url": "https://access.redhat.com/security/cve/CVE-2024-27282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-31810",
"url": "https://access.redhat.com/security/cve/CVE-2021-31810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2019-16254",
"url": "https://access.redhat.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2018-8780",
"url": "https://access.redhat.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-14064",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-10784",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-9096",
"url": "https://access.redhat.com/security/cve/CVE-2015-9096"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-8090",
"url": "https://access.redhat.com/security/cve/CVE-2014-8090"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-8080",
"url": "https://access.redhat.com/security/cve/CVE-2014-8080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-6438",
"url": "https://access.redhat.com/security/cve/CVE-2014-6438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-4975",
"url": "https://access.redhat.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2013-1821",
"url": "https://access.redhat.com/security/cve/CVE-2013-1821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2012-5371",
"url": "https://access.redhat.com/security/cve/CVE-2012-5371"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-4815",
"url": "https://access.redhat.com/security/cve/CVE-2011-4815"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-1891",
"url": "https://access.redhat.com/security/cve/CVE-2008-1891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-28756",
"url": "https://access.redhat.com/security/cve/CVE-2023-28756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-28739",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-41819",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-28965",
"url": "https://access.redhat.com/security/cve/CVE-2021-28965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2020-25613",
"url": "https://access.redhat.com/security/cve/CVE-2020-25613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-0188",
"url": "https://access.redhat.com/security/cve/CVE-2011-0188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2662",
"url": "https://access.redhat.com/security/cve/CVE-2008-2662"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2725",
"url": "https://access.redhat.com/security/cve/CVE-2008-2725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2726",
"url": "https://access.redhat.com/security/cve/CVE-2008-2726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2663",
"url": "https://access.redhat.com/security/cve/CVE-2008-2663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2664",
"url": "https://access.redhat.com/security/cve/CVE-2008-2664"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-3009",
"url": "https://access.redhat.com/security/cve/CVE-2011-3009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-2686",
"url": "https://access.redhat.com/security/cve/CVE-2011-2686"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-2705",
"url": "https://access.redhat.com/security/cve/CVE-2011-2705"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2009-5147",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-7551",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8838.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-08T14:59:13+00:00",
"generator": {
"date": "2026-05-08T14:59:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:8838",
"initial_release_date": "2026-04-17T23:15:06+00:00",
"revision_history": [
{
"date": "2026-04-17T23:15:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-08T12:04:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-08T14:59:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@aarch64",
"product": {
"name": "ruby4-0-main@aarch64",
"product_id": "ruby4-0-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.0-33.3.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@src",
"product": {
"name": "ruby4-0-main@src",
"product_id": "ruby4-0-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.0-33.3.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@x86_64",
"product": {
"name": "ruby4-0-main@x86_64",
"product_id": "ruby4-0-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.0-33.3.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@noarch",
"product": {
"name": "ruby4-0-main@noarch",
"product_id": "ruby4-0-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-default-gems@4.0.0-33.3.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@aarch64"
},
"product_reference": "ruby4-0-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@noarch"
},
"product_reference": "ruby4-0-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@src"
},
"product_reference": "ruby4-0-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@x86_64"
},
"product_reference": "ruby4-0-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1891",
"discovery_date": "2008-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443829"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: WEBrick CGI source disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1891\n\nThe risks associated with fixing this flaw outweigh the benefits of the fix. Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1891"
},
{
"category": "external",
"summary": "RHBZ#443829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891"
}
],
"release_date": "2008-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: WEBrick CGI source disclosure"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2662",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450821"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Integer overflows in rb_str_buf_append()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2662"
},
{
"category": "external",
"summary": "RHBZ#450821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2662",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Integer overflows in rb_str_buf_append()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2663",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450825"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Integer overflows in rb_ary_store()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2663"
},
{
"category": "external",
"summary": "RHBZ#450825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Integer overflows in rb_ary_store()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2664",
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450834"
}
],
"notes": [
{
"category": "description",
"text": "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unsafe use of alloca in rb_str_format()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2664"
},
{
"category": "external",
"summary": "RHBZ#450834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2664",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Unsafe use of alloca in rb_str_format()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2725",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451821"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2725"
},
{
"category": "external",
"summary": "RHBZ#451821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2725",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2726",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451828"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2726"
},
{
"category": "external",
"summary": "RHBZ#451828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451828"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2726",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen"
},
{
"cve": "CVE-2008-3655",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458948"
}
],
"notes": [
{
"category": "description",
"text": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: multiple insufficient safe mode restrictions",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3655"
},
{
"category": "external",
"summary": "RHBZ#458948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: multiple insufficient safe mode restrictions"
},
{
"cve": "CVE-2008-3656",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458953"
}
],
"notes": [
{
"category": "description",
"text": "Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: WEBrick DoS vulnerability (CPU consumption)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3656"
},
{
"category": "external",
"summary": "RHBZ#458953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: WEBrick DoS vulnerability (CPU consumption)"
},
{
"cve": "CVE-2008-3657",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458966"
}
],
"notes": [
{
"category": "description",
"text": "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: missing \"taintness\" checks in dl module",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3657"
},
{
"category": "external",
"summary": "RHBZ#458966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: missing \"taintness\" checks in dl module"
},
{
"cve": "CVE-2008-3905",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "461495"
}
],
"notes": [
{
"category": "description",
"text": "resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3905"
},
{
"category": "external",
"summary": "RHBZ#461495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module"
},
{
"cve": "CVE-2009-5147",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1248935"
}
],
"notes": [
{
"category": "description",
"text": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "RHBZ#1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2011-0188",
"discovery_date": "2011-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "682332"
}
],
"notes": [
{
"category": "description",
"text": "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: memory corruption in BigDecimal on 64bit platforms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0188"
},
{
"category": "external",
"summary": "RHBZ#682332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=682332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0188"
}
],
"release_date": "2011-03-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: memory corruption in BigDecimal on 64bit platforms"
},
{
"cve": "CVE-2011-2686",
"discovery_date": "2011-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "722415"
}
],
"notes": [
{
"category": "description",
"text": "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2686"
},
{
"category": "external",
"summary": "RHBZ#722415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2686"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"cve": "CVE-2011-2705",
"discovery_date": "2011-07-07T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2705",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2705"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"cve": "CVE-2011-3009",
"discovery_date": "2011-07-07T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3009"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"acknowledgments": [
{
"names": [
"oCERT"
]
}
],
"cve": "CVE-2011-4815",
"discovery_date": "2011-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "750564"
}
],
"notes": [
{
"category": "description",
"text": "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: hash table collisions CPU usage DoS (oCERT-2011-003)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-4815"
},
{
"category": "external",
"summary": "RHBZ#750564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815"
}
],
"release_date": "2011-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: hash table collisions CPU usage DoS (oCERT-2011-003)"
},
{
"cve": "CVE-2012-5371",
"discovery_date": "2012-11-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "875236"
}
],
"notes": [
{
"category": "description",
"text": "Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5371"
},
{
"category": "external",
"summary": "RHBZ#875236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5371",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371"
}
],
"release_date": "2012-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)"
},
{
"cve": "CVE-2013-1821",
"discovery_date": "2013-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "914716"
}
],
"notes": [
{
"category": "description",
"text": "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: entity expansion DoS vulnerability in REXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1821"
},
{
"category": "external",
"summary": "RHBZ#914716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914716"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1821",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821"
},
{
"category": "external",
"summary": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/",
"url": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/"
}
],
"release_date": "2013-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: entity expansion DoS vulnerability in REXML"
},
{
"cve": "CVE-2014-4975",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1118158"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: off-by-one stack-based buffer overflow in the encodes() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "RHBZ#1118158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4975",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975"
}
],
"release_date": "2014-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: off-by-one stack-based buffer overflow in the encodes() function"
},
{
"cve": "CVE-2014-6438",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490845"
}
],
"notes": [
{
"category": "description",
"text": "The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unsafe parsing of long strings via decode_www_form_component method",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6438"
},
{
"category": "external",
"summary": "RHBZ#1490845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490845"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/",
"url": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/"
}
],
"release_date": "2014-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Unsafe parsing of long strings via decode_www_form_component method"
},
{
"cve": "CVE-2014-8080",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2014-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1157709"
}
],
"notes": [
{
"category": "description",
"text": "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: REXML billion laughs attack via parameter entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8080"
},
{
"category": "external",
"summary": "RHBZ#1157709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8080",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/",
"url": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"
}
],
"release_date": "2014-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: REXML billion laughs attack via parameter entity expansion"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-8090",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2014-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1159927"
}
],
"notes": [
{
"category": "description",
"text": "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: REXML incomplete fix for CVE-2014-8080",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8090"
},
{
"category": "external",
"summary": "RHBZ#1159927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1159927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8090",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/",
"url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
}
],
"release_date": "2014-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: REXML incomplete fix for CVE-2014-8080"
},
{
"cve": "CVE-2015-7551",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2015-9096",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2017-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1461846"
}
],
"notes": [
{
"category": "description",
"text": "A SMTP command injection flaw was found in the way Ruby\u0027s Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9096"
},
{
"category": "external",
"summary": "RHBZ#1461846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9096",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096"
}
],
"release_date": "2017-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP"
},
{
"cve": "CVE-2017-10784",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492012"
}
],
"notes": [
{
"category": "description",
"text": "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "RHBZ#1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick"
},
{
"cve": "CVE-2017-14064",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487552"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter\u0027s heap memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary heap exposure during a JSON.generate call",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "RHBZ#1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
}
],
"release_date": "2017-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Arbitrary heap exposure during a JSON.generate call"
},
{
"cve": "CVE-2018-8780",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561949"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unintentional directory traversal by poisoned NULL byte in Dir",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "RHBZ#1561949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"
}
],
"release_date": "2018-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
},
{
"category": "workaround",
"details": "It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Unintentional directory traversal by poisoned NULL byte in Dir"
},
{
"cve": "CVE-2019-16254",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1789556"
}
],
"notes": [
{
"category": "description",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: HTTP response splitting in WEBrick",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "RHBZ#1789556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254"
}
],
"release_date": "2019-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: HTTP response splitting in WEBrick"
},
{
"cve": "CVE-2020-25613",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-09-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1883623"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Potential HTTP request smuggling in WEBrick",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25613"
},
{
"category": "external",
"summary": "RHBZ#1883623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/",
"url": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/"
}
],
"release_date": "2020-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Potential HTTP request smuggling in WEBrick"
},
{
"cve": "CVE-2021-28965",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2021-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1947526"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: XML round-trip vulnerability in REXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28965"
},
{
"category": "external",
"summary": "RHBZ#1947526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965"
}
],
"release_date": "2021-04-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: XML round-trip vulnerability in REXML"
},
{
"cve": "CVE-2021-31810",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1980126"
}
],
"notes": [
{
"category": "description",
"text": "Ruby\u0027s Net::FTP module trusted the IP address included in the FTP server\u0027s response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from the FTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 5.11 does not ship Ruby or RubyGem net-ftp and thus not affected by the flaw. RubyGem net-sftp (Ruby implementation of Secure File Transfer Protocol) which product ship is different library component from the affected package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31810"
},
{
"category": "external",
"summary": "RHBZ#1980126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980126"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/",
"url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/"
}
],
"release_date": "2021-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host"
},
{
"cve": "CVE-2021-41819",
"discovery_date": "2021-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2026757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Cookie prefix spoofing in CGI::Cookie.parse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"category": "external",
"summary": "RHBZ#2026757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41819",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819"
}
],
"release_date": "2021-11-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Cookie prefix spoofing in CGI::Cookie.parse"
},
{
"cve": "CVE-2022-28739",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2075687"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer overrun in String-to-Float conversion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"category": "external",
"summary": "RHBZ#2075687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739"
},
{
"category": "external",
"summary": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/",
"url": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
}
],
"release_date": "2022-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer overrun in String-to-Float conversion"
},
{
"cve": "CVE-2023-28756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184061"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: ReDoS vulnerability in Time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28756"
},
{
"category": "external",
"summary": "RHBZ#2184061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184061"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/",
"url": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: ReDoS vulnerability in Time"
},
{
"cve": "CVE-2024-27282",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2276810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary memory address read vulnerability with Regex search",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The CVE-2024-27282 vulnerability in Ruby is classified as a Moderate severity issue due to its potential to expose arbitrary heap data relative to the start of the text through the Ruby regex compiler. While the vulnerability allows the extraction of pointers and sensitive strings from memory, its exploitation requires attacker-supplied data to be provided to the regex compiler. This means that an attacker would need to craft specific input to exploit the issue, limiting the ease of exploitation compared to vulnerabilities that might be remotely exploitable without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27282"
},
{
"category": "external",
"summary": "RHBZ#2276810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/",
"url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/"
}
],
"release_date": "2024-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Arbitrary memory address read vulnerability with Regex search"
},
{
"cve": "CVE-2026-27820",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-16T18:00:53.206650+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A buffer overflow vulnerability exists in the Zlib::GzipReader component of the Ruby zlib interface. This flaw, caused by insufficient memory capacity during data manipulation, could lead to memory corruption and system instability. This vulnerability is considered of a Moderate severity this happens because the high complexity to exploit, additionally the attacker may have not full control over the data is being corrupted or exfiltrated.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27820"
},
{
"category": "external",
"summary": "RHBZ#2459002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820"
},
{
"category": "external",
"summary": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w",
"url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3467067",
"url": "https://hackerone.com/reports/3467067"
}
],
"release_date": "2026-04-16T17:27:48.944000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-17T23:15:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8838"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader"
}
]
}
RHSA-2026:7305
Vulnerability from csaf_redhat - Published: 2026-04-09 12:35 - Updated: 2026-05-08 14:59Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
5.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Workaround
It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from the FTP server.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
6.2 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS).
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.
6.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.
5.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7305
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Apple Product Security team
Drew Yao
oCERT
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7305",
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27820",
"url": "https://access.redhat.com/security/cve/CVE-2026-27820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3905",
"url": "https://access.redhat.com/security/cve/CVE-2008-3905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3657",
"url": "https://access.redhat.com/security/cve/CVE-2008-3657"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3656",
"url": "https://access.redhat.com/security/cve/CVE-2008-3656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3655",
"url": "https://access.redhat.com/security/cve/CVE-2008-3655"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-27282",
"url": "https://access.redhat.com/security/cve/CVE-2024-27282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-31810",
"url": "https://access.redhat.com/security/cve/CVE-2021-31810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2019-16254",
"url": "https://access.redhat.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2018-8780",
"url": "https://access.redhat.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-14064",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-10784",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-9096",
"url": "https://access.redhat.com/security/cve/CVE-2015-9096"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-8090",
"url": "https://access.redhat.com/security/cve/CVE-2014-8090"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-8080",
"url": "https://access.redhat.com/security/cve/CVE-2014-8080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-6438",
"url": "https://access.redhat.com/security/cve/CVE-2014-6438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-4975",
"url": "https://access.redhat.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2013-1821",
"url": "https://access.redhat.com/security/cve/CVE-2013-1821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2012-5371",
"url": "https://access.redhat.com/security/cve/CVE-2012-5371"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-4815",
"url": "https://access.redhat.com/security/cve/CVE-2011-4815"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-1891",
"url": "https://access.redhat.com/security/cve/CVE-2008-1891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-28756",
"url": "https://access.redhat.com/security/cve/CVE-2023-28756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-28739",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-41819",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-28965",
"url": "https://access.redhat.com/security/cve/CVE-2021-28965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2020-25613",
"url": "https://access.redhat.com/security/cve/CVE-2020-25613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2725",
"url": "https://access.redhat.com/security/cve/CVE-2008-2725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2663",
"url": "https://access.redhat.com/security/cve/CVE-2008-2663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2726",
"url": "https://access.redhat.com/security/cve/CVE-2008-2726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2662",
"url": "https://access.redhat.com/security/cve/CVE-2008-2662"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-0188",
"url": "https://access.redhat.com/security/cve/CVE-2011-0188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2664",
"url": "https://access.redhat.com/security/cve/CVE-2008-2664"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-3009",
"url": "https://access.redhat.com/security/cve/CVE-2011-3009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-2686",
"url": "https://access.redhat.com/security/cve/CVE-2011-2686"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-2705",
"url": "https://access.redhat.com/security/cve/CVE-2011-2705"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2009-5147",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-7551",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7305.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-08T14:59:12+00:00",
"generator": {
"date": "2026-05-08T14:59:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:7305",
"initial_release_date": "2026-04-09T12:35:20+00:00",
"revision_history": [
{
"date": "2026-04-09T12:35:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-08T12:04:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-08T14:59:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@aarch64",
"product": {
"name": "ruby3-3-main@aarch64",
"product_id": "ruby3-3-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@src",
"product": {
"name": "ruby3-3-main@src",
"product_id": "ruby3-3-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@x86_64",
"product": {
"name": "ruby3-3-main@x86_64",
"product_id": "ruby3-3-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@noarch",
"product": {
"name": "ruby3-3-main@noarch",
"product_id": "ruby3-3-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3-default-gems@3.3.10-23.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@aarch64"
},
"product_reference": "ruby3-3-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@noarch"
},
"product_reference": "ruby3-3-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@src"
},
"product_reference": "ruby3-3-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@x86_64"
},
"product_reference": "ruby3-3-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1891",
"discovery_date": "2008-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443829"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: WEBrick CGI source disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1891\n\nThe risks associated with fixing this flaw outweigh the benefits of the fix. Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1891"
},
{
"category": "external",
"summary": "RHBZ#443829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891"
}
],
"release_date": "2008-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: WEBrick CGI source disclosure"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2662",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450821"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Integer overflows in rb_str_buf_append()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2662"
},
{
"category": "external",
"summary": "RHBZ#450821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2662",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Integer overflows in rb_str_buf_append()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2663",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450825"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Integer overflows in rb_ary_store()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2663"
},
{
"category": "external",
"summary": "RHBZ#450825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Integer overflows in rb_ary_store()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2664",
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450834"
}
],
"notes": [
{
"category": "description",
"text": "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unsafe use of alloca in rb_str_format()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2664"
},
{
"category": "external",
"summary": "RHBZ#450834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2664",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Unsafe use of alloca in rb_str_format()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2725",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451821"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2725"
},
{
"category": "external",
"summary": "RHBZ#451821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2725",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2726",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451828"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2726"
},
{
"category": "external",
"summary": "RHBZ#451828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451828"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2726",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen"
},
{
"cve": "CVE-2008-3655",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458948"
}
],
"notes": [
{
"category": "description",
"text": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: multiple insufficient safe mode restrictions",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3655"
},
{
"category": "external",
"summary": "RHBZ#458948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: multiple insufficient safe mode restrictions"
},
{
"cve": "CVE-2008-3656",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458953"
}
],
"notes": [
{
"category": "description",
"text": "Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: WEBrick DoS vulnerability (CPU consumption)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3656"
},
{
"category": "external",
"summary": "RHBZ#458953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: WEBrick DoS vulnerability (CPU consumption)"
},
{
"cve": "CVE-2008-3657",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458966"
}
],
"notes": [
{
"category": "description",
"text": "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: missing \"taintness\" checks in dl module",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3657"
},
{
"category": "external",
"summary": "RHBZ#458966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: missing \"taintness\" checks in dl module"
},
{
"cve": "CVE-2008-3905",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "461495"
}
],
"notes": [
{
"category": "description",
"text": "resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3905"
},
{
"category": "external",
"summary": "RHBZ#461495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module"
},
{
"cve": "CVE-2009-5147",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1248935"
}
],
"notes": [
{
"category": "description",
"text": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "RHBZ#1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2011-0188",
"discovery_date": "2011-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "682332"
}
],
"notes": [
{
"category": "description",
"text": "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: memory corruption in BigDecimal on 64bit platforms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0188"
},
{
"category": "external",
"summary": "RHBZ#682332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=682332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0188"
}
],
"release_date": "2011-03-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: memory corruption in BigDecimal on 64bit platforms"
},
{
"cve": "CVE-2011-2686",
"discovery_date": "2011-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "722415"
}
],
"notes": [
{
"category": "description",
"text": "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2686"
},
{
"category": "external",
"summary": "RHBZ#722415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2686"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"cve": "CVE-2011-2705",
"discovery_date": "2011-07-07T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2705",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2705"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"cve": "CVE-2011-3009",
"discovery_date": "2011-07-07T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3009"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"acknowledgments": [
{
"names": [
"oCERT"
]
}
],
"cve": "CVE-2011-4815",
"discovery_date": "2011-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "750564"
}
],
"notes": [
{
"category": "description",
"text": "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: hash table collisions CPU usage DoS (oCERT-2011-003)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-4815"
},
{
"category": "external",
"summary": "RHBZ#750564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815"
}
],
"release_date": "2011-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: hash table collisions CPU usage DoS (oCERT-2011-003)"
},
{
"cve": "CVE-2012-5371",
"discovery_date": "2012-11-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "875236"
}
],
"notes": [
{
"category": "description",
"text": "Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5371"
},
{
"category": "external",
"summary": "RHBZ#875236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5371",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371"
}
],
"release_date": "2012-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)"
},
{
"cve": "CVE-2013-1821",
"discovery_date": "2013-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "914716"
}
],
"notes": [
{
"category": "description",
"text": "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: entity expansion DoS vulnerability in REXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1821"
},
{
"category": "external",
"summary": "RHBZ#914716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914716"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1821",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821"
},
{
"category": "external",
"summary": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/",
"url": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/"
}
],
"release_date": "2013-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: entity expansion DoS vulnerability in REXML"
},
{
"cve": "CVE-2014-4975",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1118158"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: off-by-one stack-based buffer overflow in the encodes() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "RHBZ#1118158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4975",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975"
}
],
"release_date": "2014-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: off-by-one stack-based buffer overflow in the encodes() function"
},
{
"cve": "CVE-2014-6438",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490845"
}
],
"notes": [
{
"category": "description",
"text": "The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unsafe parsing of long strings via decode_www_form_component method",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6438"
},
{
"category": "external",
"summary": "RHBZ#1490845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490845"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/",
"url": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/"
}
],
"release_date": "2014-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Unsafe parsing of long strings via decode_www_form_component method"
},
{
"cve": "CVE-2014-8080",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2014-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1157709"
}
],
"notes": [
{
"category": "description",
"text": "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: REXML billion laughs attack via parameter entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8080"
},
{
"category": "external",
"summary": "RHBZ#1157709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8080",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/",
"url": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"
}
],
"release_date": "2014-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: REXML billion laughs attack via parameter entity expansion"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-8090",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2014-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1159927"
}
],
"notes": [
{
"category": "description",
"text": "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: REXML incomplete fix for CVE-2014-8080",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8090"
},
{
"category": "external",
"summary": "RHBZ#1159927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1159927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8090",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/",
"url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
}
],
"release_date": "2014-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: REXML incomplete fix for CVE-2014-8080"
},
{
"cve": "CVE-2015-7551",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2015-9096",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2017-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1461846"
}
],
"notes": [
{
"category": "description",
"text": "A SMTP command injection flaw was found in the way Ruby\u0027s Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9096"
},
{
"category": "external",
"summary": "RHBZ#1461846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9096",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096"
}
],
"release_date": "2017-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP"
},
{
"cve": "CVE-2017-10784",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492012"
}
],
"notes": [
{
"category": "description",
"text": "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "RHBZ#1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick"
},
{
"cve": "CVE-2017-14064",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487552"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter\u0027s heap memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary heap exposure during a JSON.generate call",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "RHBZ#1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
}
],
"release_date": "2017-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Arbitrary heap exposure during a JSON.generate call"
},
{
"cve": "CVE-2018-8780",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561949"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unintentional directory traversal by poisoned NULL byte in Dir",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "RHBZ#1561949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"
}
],
"release_date": "2018-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
},
{
"category": "workaround",
"details": "It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Unintentional directory traversal by poisoned NULL byte in Dir"
},
{
"cve": "CVE-2019-16254",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1789556"
}
],
"notes": [
{
"category": "description",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: HTTP response splitting in WEBrick",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "RHBZ#1789556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254"
}
],
"release_date": "2019-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: HTTP response splitting in WEBrick"
},
{
"cve": "CVE-2020-25613",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-09-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1883623"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Potential HTTP request smuggling in WEBrick",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25613"
},
{
"category": "external",
"summary": "RHBZ#1883623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/",
"url": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/"
}
],
"release_date": "2020-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Potential HTTP request smuggling in WEBrick"
},
{
"cve": "CVE-2021-28965",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2021-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1947526"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: XML round-trip vulnerability in REXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28965"
},
{
"category": "external",
"summary": "RHBZ#1947526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965"
}
],
"release_date": "2021-04-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: XML round-trip vulnerability in REXML"
},
{
"cve": "CVE-2021-31810",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1980126"
}
],
"notes": [
{
"category": "description",
"text": "Ruby\u0027s Net::FTP module trusted the IP address included in the FTP server\u0027s response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from the FTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 5.11 does not ship Ruby or RubyGem net-ftp and thus not affected by the flaw. RubyGem net-sftp (Ruby implementation of Secure File Transfer Protocol) which product ship is different library component from the affected package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31810"
},
{
"category": "external",
"summary": "RHBZ#1980126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980126"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/",
"url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/"
}
],
"release_date": "2021-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host"
},
{
"cve": "CVE-2021-41819",
"discovery_date": "2021-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2026757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Cookie prefix spoofing in CGI::Cookie.parse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"category": "external",
"summary": "RHBZ#2026757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41819",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819"
}
],
"release_date": "2021-11-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Cookie prefix spoofing in CGI::Cookie.parse"
},
{
"cve": "CVE-2022-28739",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2075687"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer overrun in String-to-Float conversion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"category": "external",
"summary": "RHBZ#2075687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739"
},
{
"category": "external",
"summary": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/",
"url": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
}
],
"release_date": "2022-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer overrun in String-to-Float conversion"
},
{
"cve": "CVE-2023-28756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184061"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: ReDoS vulnerability in Time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28756"
},
{
"category": "external",
"summary": "RHBZ#2184061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184061"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/",
"url": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: ReDoS vulnerability in Time"
},
{
"cve": "CVE-2024-27282",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2276810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary memory address read vulnerability with Regex search",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The CVE-2024-27282 vulnerability in Ruby is classified as a Moderate severity issue due to its potential to expose arbitrary heap data relative to the start of the text through the Ruby regex compiler. While the vulnerability allows the extraction of pointers and sensitive strings from memory, its exploitation requires attacker-supplied data to be provided to the regex compiler. This means that an attacker would need to craft specific input to exploit the issue, limiting the ease of exploitation compared to vulnerabilities that might be remotely exploitable without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27282"
},
{
"category": "external",
"summary": "RHBZ#2276810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/",
"url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/"
}
],
"release_date": "2024-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Arbitrary memory address read vulnerability with Regex search"
},
{
"cve": "CVE-2026-27820",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-16T18:00:53.206650+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A buffer overflow vulnerability exists in the Zlib::GzipReader component of the Ruby zlib interface. This flaw, caused by insufficient memory capacity during data manipulation, could lead to memory corruption and system instability. This vulnerability is considered of a Moderate severity this happens because the high complexity to exploit, additionally the attacker may have not full control over the data is being corrupted or exfiltrated.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27820"
},
{
"category": "external",
"summary": "RHBZ#2459002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820"
},
{
"category": "external",
"summary": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w",
"url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3467067",
"url": "https://hackerone.com/reports/3467067"
}
],
"release_date": "2026-04-16T17:27:48.944000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:35:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7305"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader"
}
]
}
RHSA-2018_0583
Vulnerability from csaf_redhat - Published: 2018-03-26 09:39 - Updated: 2024-11-22 11:43Summary
Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for rh-ruby22-ruby is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)
Security Fix(es):
* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
* rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
* rubygems: DNS hijacking vulnerability (CVE-2017-0902)
* rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
* ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)
* rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)
* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.
5.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
6.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-ruby22-ruby is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nThe following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)\n\nSecurity Fix(es):\n\n* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)\n\n* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)\n\n* rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)\n\n* rubygems: DNS hijacking vulnerability (CVE-2017-0902)\n\n* rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)\n\n* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)\n\n* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)\n\n* ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)\n\n* rubygems: Escape sequence in the \"summary\" field of gemspec (CVE-2017-0899)\n\n* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)\n\n* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)\n\n* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:0583",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "1487587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487587"
},
{
"category": "external",
"summary": "1487588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487588"
},
{
"category": "external",
"summary": "1487589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487589"
},
{
"category": "external",
"summary": "1487590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487590"
},
{
"category": "external",
"summary": "1491866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491866"
},
{
"category": "external",
"summary": "1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "1492015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492015"
},
{
"category": "external",
"summary": "1500488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500488"
},
{
"category": "external",
"summary": "1526189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526189"
},
{
"category": "external",
"summary": "1528218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528218"
},
{
"category": "external",
"summary": "1549646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549646"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0583.json"
}
],
"title": "Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T11:43:24+00:00",
"generator": {
"date": "2024-11-22T11:43:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:0583",
"initial_release_date": "2018-03-26T09:39:32+00:00",
"revision_history": [
{
"date": "2018-03-26T09:39:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-03-26T09:39:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T11:43:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-debuginfo@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.8.1-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"product_id": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems@2.4.5.4-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-bigdecimal@1.2.6-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-libs@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-io-console@0.4.3-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-devel@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.1.1-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-tcltk@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"product_id": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems@2.4.5.4-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-io-console@0.4.3-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-bigdecimal@1.2.6-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-libs@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.1.1-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-devel@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.8.1-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-debuginfo@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-tcltk@2.2.9-19.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"product": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"product_id": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-doc@2.2.9-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rdoc@4.2.0-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-power_assert@0.2.2-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-minitest@5.4.3-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rake@10.4.2-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"product_id": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems-devel@2.4.5.4-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"product": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"product_id": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-irb@2.2.9-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-test-unit@3.0.8-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rake@10.4.2-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-power_assert@0.2.2-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"product": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"product_id": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-doc@2.2.9-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-minitest@5.4.3-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"product_id": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems-devel@2.4.5.4-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-test-unit@3.0.8-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rdoc@4.2.0-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"product": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"product_id": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-irb@2.2.9-19.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-5147",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1248935"
}
],
"notes": [
{
"category": "description",
"text": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: DL:: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "RHBZ#1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: DL:: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2015-7551",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1248935"
}
],
"notes": [
{
"category": "description",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: DL:: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "RHBZ#1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: DL:: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2017-0898",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492015"
}
],
"notes": [
{
"category": "description",
"text": "A buffer underflow was found in ruby\u0027s sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer underrun vulnerability in Kernel.sprintf",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0898"
},
{
"category": "external",
"summary": "RHBZ#1492015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0898"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer underrun vulnerability in Kernel.sprintf"
},
{
"cve": "CVE-2017-0899",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487590"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where rubygems did not properly sanitize gems\u0027 specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: Escape sequence in the \"summary\" field of gemspec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0899"
},
{
"category": "external",
"summary": "RHBZ#1487590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0899"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygems: Escape sequence in the \"summary\" field of gemspec"
},
{
"cve": "CVE-2017-0900",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487588"
}
],
"notes": [
{
"category": "description",
"text": "It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: No size limit in summary length of gem spec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0900"
},
{
"category": "external",
"summary": "RHBZ#1487588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0900"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygems: No size limit in summary length of gem spec"
},
{
"cve": "CVE-2017-0901",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487587"
}
],
"notes": [
{
"category": "description",
"text": "It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: Arbitrary file overwrite due to incorrect validation of specification name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0901"
},
{
"category": "external",
"summary": "RHBZ#1487587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0901"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygems: Arbitrary file overwrite due to incorrect validation of specification name"
},
{
"cve": "CVE-2017-0902",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487589"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: DNS hijacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0902"
},
{
"category": "external",
"summary": "RHBZ#1487589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0902"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygems: DNS hijacking vulnerability"
},
{
"cve": "CVE-2017-0903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500488"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: Unsafe object deserialization through YAML formatted gem specifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of rubygems as shipped with Red Hat Enterprise Linux 6.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0903"
},
{
"category": "external",
"summary": "RHBZ#1500488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0903"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html",
"url": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html"
}
],
"release_date": "2017-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygems: Unsafe object deserialization through YAML formatted gem specifications"
},
{
"cve": "CVE-2017-10784",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492012"
}
],
"notes": [
{
"category": "description",
"text": "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "RHBZ#1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick"
},
{
"cve": "CVE-2017-14033",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1491866"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer underrun in OpenSSL ASN1 decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of rh-ruby24-ruby.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14033"
},
{
"category": "external",
"summary": "RHBZ#1491866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491866"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14033"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer underrun in OpenSSL ASN1 decode"
},
{
"cve": "CVE-2017-14064",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487552"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter\u0027s heap memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary heap exposure during a JSON.generate call",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "RHBZ#1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
}
],
"release_date": "2017-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Arbitrary heap exposure during a JSON.generate call"
},
{
"cve": "CVE-2017-17405",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1526189"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Command injection vulnerability in Net::FTP",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1 and CloudForms 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17405"
},
{
"category": "external",
"summary": "RHBZ#1526189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526189"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17405",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17405"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/",
"url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
}
],
"release_date": "2017-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby: Command injection vulnerability in Net::FTP"
},
{
"cve": "CVE-2017-17790",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2017-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1528218"
}
],
"notes": [
{
"category": "description",
"text": "The \"lazy_initialize\" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17790"
},
{
"category": "external",
"summary": "RHBZ#1528218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17790"
}
],
"release_date": "2017-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution"
}
]
}
RHSA-2018:0583
Vulnerability from csaf_redhat - Published: 2018-03-26 09:39 - Updated: 2026-05-08 14:44Summary
Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for rh-ruby22-ruby is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)
Security Fix(es):
* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
* rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
* rubygems: DNS hijacking vulnerability (CVE-2017-0902)
* rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
* ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)
* rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)
* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.
5.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
6.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:0583
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-ruby22-ruby is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nThe following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)\n\nSecurity Fix(es):\n\n* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)\n\n* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)\n\n* rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)\n\n* rubygems: DNS hijacking vulnerability (CVE-2017-0902)\n\n* rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)\n\n* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)\n\n* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)\n\n* ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)\n\n* rubygems: Escape sequence in the \"summary\" field of gemspec (CVE-2017-0899)\n\n* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)\n\n* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)\n\n* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:0583",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "1487587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487587"
},
{
"category": "external",
"summary": "1487588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487588"
},
{
"category": "external",
"summary": "1487589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487589"
},
{
"category": "external",
"summary": "1487590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487590"
},
{
"category": "external",
"summary": "1491866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491866"
},
{
"category": "external",
"summary": "1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "1492015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492015"
},
{
"category": "external",
"summary": "1500488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500488"
},
{
"category": "external",
"summary": "1526189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526189"
},
{
"category": "external",
"summary": "1528218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528218"
},
{
"category": "external",
"summary": "1549646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549646"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0583.json"
}
],
"title": "Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-08T14:44:58+00:00",
"generator": {
"date": "2026-05-08T14:44:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2018:0583",
"initial_release_date": "2018-03-26T09:39:32+00:00",
"revision_history": [
{
"date": "2018-03-26T09:39:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-03-26T09:39:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-08T14:44:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-debuginfo@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.8.1-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"product_id": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems@2.4.5.4-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-bigdecimal@1.2.6-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-libs@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-io-console@0.4.3-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-devel@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"product": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"product_id": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.1.1-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"product": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"product_id": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-tcltk@2.2.9-19.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"product_id": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems@2.4.5.4-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-io-console@0.4.3-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-bigdecimal@1.2.6-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-libs@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.1.1-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-devel@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"product": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"product_id": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.8.1-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-debuginfo@2.2.9-19.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"product": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"product_id": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-tcltk@2.2.9-19.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"product": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"product_id": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-doc@2.2.9-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rdoc@4.2.0-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-power_assert@0.2.2-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-minitest@5.4.3-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rake@10.4.2-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"product_id": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems-devel@2.4.5.4-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"product": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"product_id": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-irb@2.2.9-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"product": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"product_id": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-test-unit@3.0.8-19.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rake@10.4.2-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-power_assert@0.2.2-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"product": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"product_id": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-doc@2.2.9-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-minitest@5.4.3-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"product_id": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygems-devel@2.4.5.4-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-test-unit@3.0.8-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"product": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"product_id": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-rubygem-rdoc@4.2.0-19.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"product": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"product_id": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby-irb@2.2.9-19.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"product": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"product_id": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch"
},
"product_reference": "rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64"
},
"product_reference": "rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64"
},
"product_reference": "rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
},
"product_reference": "rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-5147",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1248935"
}
],
"notes": [
{
"category": "description",
"text": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "RHBZ#1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2015-7551",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2017-0898",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492015"
}
],
"notes": [
{
"category": "description",
"text": "A buffer underflow was found in ruby\u0027s sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer underrun vulnerability in Kernel.sprintf",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0898"
},
{
"category": "external",
"summary": "RHBZ#1492015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0898"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer underrun vulnerability in Kernel.sprintf"
},
{
"cve": "CVE-2017-0899",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487590"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where rubygems did not properly sanitize gems\u0027 specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: Escape sequence in the \"summary\" field of gemspec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0899"
},
{
"category": "external",
"summary": "RHBZ#1487590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0899"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygems: Escape sequence in the \"summary\" field of gemspec"
},
{
"cve": "CVE-2017-0900",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487588"
}
],
"notes": [
{
"category": "description",
"text": "It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: No size limit in summary length of gem spec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0900"
},
{
"category": "external",
"summary": "RHBZ#1487588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0900"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygems: No size limit in summary length of gem spec"
},
{
"cve": "CVE-2017-0901",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487587"
}
],
"notes": [
{
"category": "description",
"text": "It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: Arbitrary file overwrite due to incorrect validation of specification name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0901"
},
{
"category": "external",
"summary": "RHBZ#1487587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0901"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygems: Arbitrary file overwrite due to incorrect validation of specification name"
},
{
"cve": "CVE-2017-0902",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487589"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: DNS hijacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0902"
},
{
"category": "external",
"summary": "RHBZ#1487589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0902"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html",
"url": "http://blog.rubygems.org/2017/08/27/2.6.13-released.html"
}
],
"release_date": "2017-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygems: DNS hijacking vulnerability"
},
{
"cve": "CVE-2017-0903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500488"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygems: Unsafe object deserialization through YAML formatted gem specifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of rubygems as shipped with Red Hat Enterprise Linux 6.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-0903"
},
{
"category": "external",
"summary": "RHBZ#1500488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-0903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0903"
},
{
"category": "external",
"summary": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html",
"url": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html"
}
],
"release_date": "2017-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygems: Unsafe object deserialization through YAML formatted gem specifications"
},
{
"cve": "CVE-2017-10784",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492012"
}
],
"notes": [
{
"category": "description",
"text": "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "RHBZ#1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick"
},
{
"cve": "CVE-2017-14033",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1491866"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer underrun in OpenSSL ASN1 decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of rh-ruby24-ruby.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14033"
},
{
"category": "external",
"summary": "RHBZ#1491866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491866"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14033"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer underrun in OpenSSL ASN1 decode"
},
{
"cve": "CVE-2017-14064",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487552"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter\u0027s heap memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary heap exposure during a JSON.generate call",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "RHBZ#1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
}
],
"release_date": "2017-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Arbitrary heap exposure during a JSON.generate call"
},
{
"cve": "CVE-2017-17405",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1526189"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Command injection vulnerability in Net::FTP",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1 and CloudForms 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17405"
},
{
"category": "external",
"summary": "RHBZ#1526189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526189"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17405",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17405"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/",
"url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
}
],
"release_date": "2017-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby: Command injection vulnerability in Net::FTP"
},
{
"cve": "CVE-2017-17790",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2017-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1528218"
}
],
"notes": [
{
"category": "description",
"text": "The \"lazy_initialize\" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17790"
},
{
"category": "external",
"summary": "RHBZ#1528218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17790"
}
],
"release_date": "2017-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-03-26T09:39:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.src",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el6.noarch",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el6.x86_64",
"6Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el6.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Server-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Server-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.src",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-debuginfo-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-devel-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-doc-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-irb-0:2.2.9-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-libs-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-ruby-tcltk-0:2.2.9-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-bigdecimal-0:1.2.6-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-io-console-0:0.4.3-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-json-0:1.8.1.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-minitest-0:5.4.3-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-power_assert-0:0.2.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-psych-0:2.0.8.1-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rake-0:10.4.2-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-rdoc-0:4.2.0-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygem-test-unit-0:3.0.8-19.el7.noarch",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-0:2.4.5.4-19.el7.x86_64",
"7Workstation-RHSCL-3.0:rh-ruby22-rubygems-devel-0:2.4.5.4-19.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution"
}
]
}
RHSA-2026:7307
Vulnerability from csaf_redhat - Published: 2026-04-09 12:37 - Updated: 2026-05-08 14:59Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
5.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
2.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
5.0 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
4.3 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
2.6 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Workaround
It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from the FTP server.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
6.2 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS).
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.
6.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.
5.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:7307
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Apple Product Security team
Drew Yao
oCERT
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7307",
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27820",
"url": "https://access.redhat.com/security/cve/CVE-2026-27820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3905",
"url": "https://access.redhat.com/security/cve/CVE-2008-3905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3657",
"url": "https://access.redhat.com/security/cve/CVE-2008-3657"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3656",
"url": "https://access.redhat.com/security/cve/CVE-2008-3656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-3655",
"url": "https://access.redhat.com/security/cve/CVE-2008-3655"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-27282",
"url": "https://access.redhat.com/security/cve/CVE-2024-27282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-31810",
"url": "https://access.redhat.com/security/cve/CVE-2021-31810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2019-16254",
"url": "https://access.redhat.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2018-8780",
"url": "https://access.redhat.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-14064",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-10784",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-9096",
"url": "https://access.redhat.com/security/cve/CVE-2015-9096"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-8090",
"url": "https://access.redhat.com/security/cve/CVE-2014-8090"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-8080",
"url": "https://access.redhat.com/security/cve/CVE-2014-8080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-6438",
"url": "https://access.redhat.com/security/cve/CVE-2014-6438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2014-4975",
"url": "https://access.redhat.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2013-1821",
"url": "https://access.redhat.com/security/cve/CVE-2013-1821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2012-5371",
"url": "https://access.redhat.com/security/cve/CVE-2012-5371"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-4815",
"url": "https://access.redhat.com/security/cve/CVE-2011-4815"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-1891",
"url": "https://access.redhat.com/security/cve/CVE-2008-1891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-28756",
"url": "https://access.redhat.com/security/cve/CVE-2023-28756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-28739",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-41819",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-28965",
"url": "https://access.redhat.com/security/cve/CVE-2021-28965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2020-25613",
"url": "https://access.redhat.com/security/cve/CVE-2020-25613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2662",
"url": "https://access.redhat.com/security/cve/CVE-2008-2662"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2726",
"url": "https://access.redhat.com/security/cve/CVE-2008-2726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2663",
"url": "https://access.redhat.com/security/cve/CVE-2008-2663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2725",
"url": "https://access.redhat.com/security/cve/CVE-2008-2725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-0188",
"url": "https://access.redhat.com/security/cve/CVE-2011-0188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2008-2664",
"url": "https://access.redhat.com/security/cve/CVE-2008-2664"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-2686",
"url": "https://access.redhat.com/security/cve/CVE-2011-2686"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-3009",
"url": "https://access.redhat.com/security/cve/CVE-2011-3009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2011-2705",
"url": "https://access.redhat.com/security/cve/CVE-2011-2705"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2009-5147",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-7551",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7307.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-08T14:59:11+00:00",
"generator": {
"date": "2026-05-08T14:59:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:7307",
"initial_release_date": "2026-04-09T12:37:08+00:00",
"revision_history": [
{
"date": "2026-04-09T12:37:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-08T12:04:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-08T14:59:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-4-main@aarch64",
"product": {
"name": "ruby3-4-main@aarch64",
"product_id": "ruby3-4-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.4@3.4.8-31.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-4-main@src",
"product": {
"name": "ruby3-4-main@src",
"product_id": "ruby3-4-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.4@3.4.8-31.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-4-main@x86_64",
"product": {
"name": "ruby3-4-main@x86_64",
"product_id": "ruby3-4-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.4@3.4.8-31.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-4-main@noarch",
"product": {
"name": "ruby3-4-main@noarch",
"product_id": "ruby3-4-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.4-default-gems@3.4.8-31.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-4-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-4-main@aarch64"
},
"product_reference": "ruby3-4-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-4-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-4-main@noarch"
},
"product_reference": "ruby3-4-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-4-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-4-main@src"
},
"product_reference": "ruby3-4-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-4-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-4-main@x86_64"
},
"product_reference": "ruby3-4-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1891",
"discovery_date": "2008-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443829"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: WEBrick CGI source disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1891\n\nThe risks associated with fixing this flaw outweigh the benefits of the fix. Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1891"
},
{
"category": "external",
"summary": "RHBZ#443829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891"
}
],
"release_date": "2008-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: WEBrick CGI source disclosure"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2662",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450821"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Integer overflows in rb_str_buf_append()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2662"
},
{
"category": "external",
"summary": "RHBZ#450821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2662",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Integer overflows in rb_str_buf_append()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2663",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450825"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Integer overflows in rb_ary_store()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2663"
},
{
"category": "external",
"summary": "RHBZ#450825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Integer overflows in rb_ary_store()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2664",
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450834"
}
],
"notes": [
{
"category": "description",
"text": "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unsafe use of alloca in rb_str_format()",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2664"
},
{
"category": "external",
"summary": "RHBZ#450834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2664",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Unsafe use of alloca in rb_str_format()"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2725",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451821"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2725"
},
{
"category": "external",
"summary": "RHBZ#451821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2725",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2008-2726",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2008-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451828"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2726"
},
{
"category": "external",
"summary": "RHBZ#451828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451828"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2726",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726"
}
],
"release_date": "2008-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen"
},
{
"cve": "CVE-2008-3655",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458948"
}
],
"notes": [
{
"category": "description",
"text": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: multiple insufficient safe mode restrictions",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3655"
},
{
"category": "external",
"summary": "RHBZ#458948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: multiple insufficient safe mode restrictions"
},
{
"cve": "CVE-2008-3656",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458953"
}
],
"notes": [
{
"category": "description",
"text": "Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: WEBrick DoS vulnerability (CPU consumption)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3656"
},
{
"category": "external",
"summary": "RHBZ#458953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: WEBrick DoS vulnerability (CPU consumption)"
},
{
"cve": "CVE-2008-3657",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458966"
}
],
"notes": [
{
"category": "description",
"text": "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: missing \"taintness\" checks in dl module",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3657"
},
{
"category": "external",
"summary": "RHBZ#458966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: missing \"taintness\" checks in dl module"
},
{
"cve": "CVE-2008-3905",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "461495"
}
],
"notes": [
{
"category": "description",
"text": "resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3905"
},
{
"category": "external",
"summary": "RHBZ#461495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905"
}
],
"release_date": "2008-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module"
},
{
"cve": "CVE-2009-5147",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1248935"
}
],
"notes": [
{
"category": "description",
"text": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-5147"
},
{
"category": "external",
"summary": "RHBZ#1248935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5147"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"acknowledgments": [
{
"names": [
"Drew Yao"
],
"organization": "Apple Product Security team"
}
],
"cve": "CVE-2011-0188",
"discovery_date": "2011-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "682332"
}
],
"notes": [
{
"category": "description",
"text": "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: memory corruption in BigDecimal on 64bit platforms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0188"
},
{
"category": "external",
"summary": "RHBZ#682332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=682332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0188"
}
],
"release_date": "2011-03-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: memory corruption in BigDecimal on 64bit platforms"
},
{
"cve": "CVE-2011-2686",
"discovery_date": "2011-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "722415"
}
],
"notes": [
{
"category": "description",
"text": "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2686"
},
{
"category": "external",
"summary": "RHBZ#722415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2686"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"cve": "CVE-2011-2705",
"discovery_date": "2011-07-07T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2705",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2705"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"cve": "CVE-2011-3009",
"discovery_date": "2011-07-07T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Properly initialize the random number generator when forking new process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3009"
}
],
"release_date": "2011-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Properly initialize the random number generator when forking new process"
},
{
"acknowledgments": [
{
"names": [
"oCERT"
]
}
],
"cve": "CVE-2011-4815",
"discovery_date": "2011-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "750564"
}
],
"notes": [
{
"category": "description",
"text": "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: hash table collisions CPU usage DoS (oCERT-2011-003)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-4815"
},
{
"category": "external",
"summary": "RHBZ#750564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815"
}
],
"release_date": "2011-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: hash table collisions CPU usage DoS (oCERT-2011-003)"
},
{
"cve": "CVE-2012-5371",
"discovery_date": "2012-11-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "875236"
}
],
"notes": [
{
"category": "description",
"text": "Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5371"
},
{
"category": "external",
"summary": "RHBZ#875236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5371",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371"
}
],
"release_date": "2012-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)"
},
{
"cve": "CVE-2013-1821",
"discovery_date": "2013-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "914716"
}
],
"notes": [
{
"category": "description",
"text": "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: entity expansion DoS vulnerability in REXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1821"
},
{
"category": "external",
"summary": "RHBZ#914716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914716"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1821",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821"
},
{
"category": "external",
"summary": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/",
"url": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/"
}
],
"release_date": "2013-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: entity expansion DoS vulnerability in REXML"
},
{
"cve": "CVE-2014-4975",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2014-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1118158"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: off-by-one stack-based buffer overflow in the encodes() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "RHBZ#1118158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4975",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975"
}
],
"release_date": "2014-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: off-by-one stack-based buffer overflow in the encodes() function"
},
{
"cve": "CVE-2014-6438",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490845"
}
],
"notes": [
{
"category": "description",
"text": "The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unsafe parsing of long strings via decode_www_form_component method",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-6438"
},
{
"category": "external",
"summary": "RHBZ#1490845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490845"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/",
"url": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/"
}
],
"release_date": "2014-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Unsafe parsing of long strings via decode_www_form_component method"
},
{
"cve": "CVE-2014-8080",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2014-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1157709"
}
],
"notes": [
{
"category": "description",
"text": "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: REXML billion laughs attack via parameter entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8080"
},
{
"category": "external",
"summary": "RHBZ#1157709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8080",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/",
"url": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"
}
],
"release_date": "2014-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: REXML billion laughs attack via parameter entity expansion"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-8090",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2014-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1159927"
}
],
"notes": [
{
"category": "description",
"text": "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: REXML incomplete fix for CVE-2014-8080",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8090"
},
{
"category": "external",
"summary": "RHBZ#1159927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1159927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8090",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/",
"url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
}
],
"release_date": "2014-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: REXML incomplete fix for CVE-2014-8080"
},
{
"cve": "CVE-2015-7551",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2015-07-28T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: dlopen could open a library with tainted library name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551"
}
],
"release_date": "2009-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: dlopen could open a library with tainted library name"
},
{
"cve": "CVE-2015-9096",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2017-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1461846"
}
],
"notes": [
{
"category": "description",
"text": "A SMTP command injection flaw was found in the way Ruby\u0027s Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9096"
},
{
"category": "external",
"summary": "RHBZ#1461846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9096",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096"
}
],
"release_date": "2017-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP"
},
{
"cve": "CVE-2017-10784",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2017-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492012"
}
],
"notes": [
{
"category": "description",
"text": "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10784"
},
{
"category": "external",
"summary": "RHBZ#1492012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
}
],
"release_date": "2017-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick"
},
{
"cve": "CVE-2017-14064",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1487552"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter\u0027s heap memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary heap exposure during a JSON.generate call",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\n\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-14064"
},
{
"category": "external",
"summary": "RHBZ#1487552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
}
],
"release_date": "2017-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: Arbitrary heap exposure during a JSON.generate call"
},
{
"cve": "CVE-2018-8780",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561949"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Unintentional directory traversal by poisoned NULL byte in Dir",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "RHBZ#1561949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"
}
],
"release_date": "2018-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
},
{
"category": "workaround",
"details": "It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Unintentional directory traversal by poisoned NULL byte in Dir"
},
{
"cve": "CVE-2019-16254",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2020-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1789556"
}
],
"notes": [
{
"category": "description",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: HTTP response splitting in WEBrick",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "RHBZ#1789556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254"
}
],
"release_date": "2019-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ruby: HTTP response splitting in WEBrick"
},
{
"cve": "CVE-2020-25613",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-09-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1883623"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Potential HTTP request smuggling in WEBrick",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25613"
},
{
"category": "external",
"summary": "RHBZ#1883623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/",
"url": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/"
}
],
"release_date": "2020-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Potential HTTP request smuggling in WEBrick"
},
{
"cve": "CVE-2021-28965",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2021-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1947526"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: XML round-trip vulnerability in REXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28965"
},
{
"category": "external",
"summary": "RHBZ#1947526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965"
}
],
"release_date": "2021-04-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: XML round-trip vulnerability in REXML"
},
{
"cve": "CVE-2021-31810",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1980126"
}
],
"notes": [
{
"category": "description",
"text": "Ruby\u0027s Net::FTP module trusted the IP address included in the FTP server\u0027s response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from the FTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 5.11 does not ship Ruby or RubyGem net-ftp and thus not affected by the flaw. RubyGem net-sftp (Ruby implementation of Secure File Transfer Protocol) which product ship is different library component from the affected package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31810"
},
{
"category": "external",
"summary": "RHBZ#1980126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980126"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/",
"url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/"
}
],
"release_date": "2021-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host"
},
{
"cve": "CVE-2021-41819",
"discovery_date": "2021-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2026757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Cookie prefix spoofing in CGI::Cookie.parse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"category": "external",
"summary": "RHBZ#2026757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41819",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819"
}
],
"release_date": "2021-11-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Cookie prefix spoofing in CGI::Cookie.parse"
},
{
"cve": "CVE-2022-28739",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2075687"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Buffer overrun in String-to-Float conversion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"category": "external",
"summary": "RHBZ#2075687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739"
},
{
"category": "external",
"summary": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/",
"url": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
}
],
"release_date": "2022-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Buffer overrun in String-to-Float conversion"
},
{
"cve": "CVE-2023-28756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184061"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: ReDoS vulnerability in Time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28756"
},
{
"category": "external",
"summary": "RHBZ#2184061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184061"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/",
"url": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: ReDoS vulnerability in Time"
},
{
"cve": "CVE-2024-27282",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2276810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: Arbitrary memory address read vulnerability with Regex search",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The CVE-2024-27282 vulnerability in Ruby is classified as a Moderate severity issue due to its potential to expose arbitrary heap data relative to the start of the text through the Ruby regex compiler. While the vulnerability allows the extraction of pointers and sensitive strings from memory, its exploitation requires attacker-supplied data to be provided to the regex compiler. This means that an attacker would need to craft specific input to exploit the issue, limiting the ease of exploitation compared to vulnerabilities that might be remotely exploitable without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27282"
},
{
"category": "external",
"summary": "RHBZ#2276810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282"
},
{
"category": "external",
"summary": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/",
"url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/"
}
],
"release_date": "2024-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: Arbitrary memory address read vulnerability with Regex search"
},
{
"cve": "CVE-2026-27820",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-16T18:00:53.206650+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A buffer overflow vulnerability exists in the Zlib::GzipReader component of the Ruby zlib interface. This flaw, caused by insufficient memory capacity during data manipulation, could lead to memory corruption and system instability. This vulnerability is considered of a Moderate severity this happens because the high complexity to exploit, additionally the attacker may have not full control over the data is being corrupted or exfiltrated.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27820"
},
{
"category": "external",
"summary": "RHBZ#2459002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820"
},
{
"category": "external",
"summary": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w",
"url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3467067",
"url": "https://hackerone.com/reports/3467067"
}
],
"release_date": "2026-04-16T17:27:48.944000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T12:37:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7307"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-4-main@aarch64",
"Red Hat Hardened Images:ruby3-4-main@noarch",
"Red Hat Hardened Images:ruby3-4-main@src",
"Red Hat Hardened Images:ruby3-4-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader"
}
]
}
FKIE_CVE-2015-7551
Vulnerability from fkie_nvd - Published: 2016-03-24 01:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 | ||
| secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 | ||
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | ||
| secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/76060 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:0583 | ||
| secalert@redhat.com | https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a | ||
| secalert@redhat.com | https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html | ||
| secalert@redhat.com | https://puppet.com/security/cve/ruby-dec-2015-security-fixes | ||
| secalert@redhat.com | https://support.apple.com/HT206167 | Vendor Advisory | |
| secalert@redhat.com | https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76060 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0583 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://puppet.com/security/cve/ruby-dec-2015-security-fixes | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT206167 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.1.0 | |
| ruby-lang | ruby | 2.1.1 | |
| ruby-lang | ruby | 2.1.2 | |
| ruby-lang | ruby | 2.1.3 | |
| ruby-lang | ruby | 2.1.4 | |
| ruby-lang | ruby | 2.1.5 | |
| ruby-lang | ruby | 2.1.6 | |
| ruby-lang | ruby | 2.1.7 | |
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.1 | |
| ruby-lang | ruby | 2.2.2 | |
| ruby-lang | ruby | 2.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
"versionEndIncluding": "10.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B036EA-235A-41A7-9CEB-3FA9C49FFDA8",
"versionEndIncluding": "2.0.0-p647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85A846FF-DD34-4DD6-BD61-09124C145E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF046E4-503B-4A10-BEAB-3144BD86EA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCA45F1-3038-413A-B8C3-EE366A4E6248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE2B154-8126-4A38-BAB6-915207764FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "808FA8BE-71FC-4ADD-BDEA-637E8DF4E899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "523417A8-F62B-48AF-B60B-CE9A200D4A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB1E0F8-F9B0-40E9-892E-C62729525CE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F103B7-0E70-4490-9802-2CD6034E240B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35D36707-03B7-437C-B21D-A27D5C530117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCCD8F3-E667-42F2-9861-14EDFB16583A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3CEF46-C95D-493B-A99B-7C90FDF27B47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, seg\u00fan se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena manipulada, relacionado con el m\u00f3dulo DL y la librer\u00eda libffi. NOTA: esta vulnerabilidad existe por una regresi\u00f3n de CVE-2009-5147."
}
],
"id": "CVE-2015-7551",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-24T01:59:03.370",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76060"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"source": "secalert@redhat.com",
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"source": "secalert@redhat.com",
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2017:1067-1
Vulnerability from csaf_suse - Published: 2017-04-20 06:35 - Updated: 2017-04-20 06:35Summary
Security update for ruby2.1
Severity
Important
Notes
Title of the patch: Security update for ruby2.1
Description of the patch:
This ruby2.1 update to version 2.1.9 fixes the following issues:
Security issues fixed:
- CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808)
- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)
- CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032)
- CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of
hostnames (bsc#926974)
- CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)
Bugfixes:
- SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863)
- Segmentation fault after pack & ioctl & unpack (bsc#909695)
- Ruby:HTTP Header injection in 'net/http' (bsc#986630)
ChangeLog:
- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog
Patchnames: SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624,SUSE-SLE-DESKTOP-12-SP1-2017-624,SUSE-SLE-DESKTOP-12-SP2-2017-624,SUSE-SLE-RPI-12-SP2-2017-624,SUSE-SLE-SDK-12-SP1-2017-624,SUSE-SLE-SDK-12-SP2-2017-624,SUSE-SLE-SERVER-12-SP1-2017-624,SUSE-SLE-SERVER-12-SP2-2017-624
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ruby2.1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis ruby2.1 update to version 2.1.9 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new\u0027initialize\u0027 (bsc#1018808)\n- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n- CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032)\n- CVE-2015-1855: Ruby\u0027a OpenSSL extension suffers a vulnerability through overly permissive matching of\n hostnames (bsc#926974)\n- CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)\n\nBugfixes:\n- SUSEconnect doesn\u0027t handle domain wildcards in no_proxy environment variable properly (bsc#1014863)\n- Segmentation fault after pack \u0026 ioctl \u0026 unpack (bsc#909695)\n- Ruby:HTTP Header injection in \u0027net/http\u0027 (bsc#986630)\n\nChangeLog:\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624,SUSE-SLE-DESKTOP-12-SP1-2017-624,SUSE-SLE-DESKTOP-12-SP2-2017-624,SUSE-SLE-RPI-12-SP2-2017-624,SUSE-SLE-SDK-12-SP1-2017-624,SUSE-SLE-SDK-12-SP2-2017-624,SUSE-SLE-SERVER-12-SP1-2017-624,SUSE-SLE-SERVER-12-SP2-2017-624",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1067-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1067-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171067-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1067-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002820.html"
},
{
"category": "self",
"summary": "SUSE Bug 1014863",
"url": "https://bugzilla.suse.com/1014863"
},
{
"category": "self",
"summary": "SUSE Bug 1018808",
"url": "https://bugzilla.suse.com/1018808"
},
{
"category": "self",
"summary": "SUSE Bug 887877",
"url": "https://bugzilla.suse.com/887877"
},
{
"category": "self",
"summary": "SUSE Bug 909695",
"url": "https://bugzilla.suse.com/909695"
},
{
"category": "self",
"summary": "SUSE Bug 926974",
"url": "https://bugzilla.suse.com/926974"
},
{
"category": "self",
"summary": "SUSE Bug 936032",
"url": "https://bugzilla.suse.com/936032"
},
{
"category": "self",
"summary": "SUSE Bug 959495",
"url": "https://bugzilla.suse.com/959495"
},
{
"category": "self",
"summary": "SUSE Bug 986630",
"url": "https://bugzilla.suse.com/986630"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4975 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1855 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3900 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7551 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7551/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2339 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2339/"
}
],
"title": "Security update for ruby2.1",
"tracking": {
"current_release_date": "2017-04-20T06:35:59Z",
"generator": {
"date": "2017-04-20T06:35:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1067-1",
"initial_release_date": "2017-04-20T06:35:59Z",
"revision_history": [
{
"date": "2017-04-20T06:35:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libruby2_1-2_1-2.1.9-15.1.aarch64",
"product": {
"name": "libruby2_1-2_1-2.1.9-15.1.aarch64",
"product_id": "libruby2_1-2_1-2.1.9-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-2.1.9-15.1.aarch64",
"product": {
"name": "ruby2.1-2.1.9-15.1.aarch64",
"product_id": "ruby2.1-2.1.9-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-stdlib-2.1.9-15.1.aarch64",
"product": {
"name": "ruby2.1-stdlib-2.1.9-15.1.aarch64",
"product_id": "ruby2.1-stdlib-2.1.9-15.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-devel-2.1.9-15.1.aarch64",
"product": {
"name": "ruby2.1-devel-2.1.9-15.1.aarch64",
"product_id": "ruby2.1-devel-2.1.9-15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-devel-2.1.9-15.1.ppc64le",
"product": {
"name": "ruby2.1-devel-2.1.9-15.1.ppc64le",
"product_id": "ruby2.1-devel-2.1.9-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libruby2_1-2_1-2.1.9-15.1.ppc64le",
"product": {
"name": "libruby2_1-2_1-2.1.9-15.1.ppc64le",
"product_id": "libruby2_1-2_1-2.1.9-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-2.1.9-15.1.ppc64le",
"product": {
"name": "ruby2.1-2.1.9-15.1.ppc64le",
"product_id": "ruby2.1-2.1.9-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"product": {
"name": "ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"product_id": "ruby2.1-stdlib-2.1.9-15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-devel-2.1.9-15.1.s390x",
"product": {
"name": "ruby2.1-devel-2.1.9-15.1.s390x",
"product_id": "ruby2.1-devel-2.1.9-15.1.s390x"
}
},
{
"category": "product_version",
"name": "libruby2_1-2_1-2.1.9-15.1.s390x",
"product": {
"name": "libruby2_1-2_1-2.1.9-15.1.s390x",
"product_id": "libruby2_1-2_1-2.1.9-15.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-2.1.9-15.1.s390x",
"product": {
"name": "ruby2.1-2.1.9-15.1.s390x",
"product_id": "ruby2.1-2.1.9-15.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-stdlib-2.1.9-15.1.s390x",
"product": {
"name": "ruby2.1-stdlib-2.1.9-15.1.s390x",
"product_id": "ruby2.1-stdlib-2.1.9-15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"product": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"product_id": "libruby2_1-2_1-2.1.9-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-2.1.9-15.1.x86_64",
"product": {
"name": "ruby2.1-2.1.9-15.1.x86_64",
"product_id": "ruby2.1-2.1.9-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"product": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"product_id": "ruby2.1-stdlib-2.1.9-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-devel-2.1.9-15.1.x86_64",
"product": {
"name": "ruby2.1-devel-2.1.9-15.1.x86_64",
"product_id": "ruby2.1-devel-2.1.9-15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-devel-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-devel-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_1-2_1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64"
},
"product_reference": "libruby2_1-2_1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-stdlib-2.1.9-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64"
},
"product_reference": "ruby2.1-stdlib-2.1.9-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4975"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4975",
"url": "https://www.suse.com/security/cve/CVE-2014-4975"
},
{
"category": "external",
"summary": "SUSE Bug 887877 for CVE-2014-4975",
"url": "https://bugzilla.suse.com/887877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T06:35:59Z",
"details": "moderate"
}
],
"title": "CVE-2014-4975"
},
{
"cve": "CVE-2015-1855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1855"
}
],
"notes": [
{
"category": "general",
"text": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1855",
"url": "https://www.suse.com/security/cve/CVE-2015-1855"
},
{
"category": "external",
"summary": "SUSE Bug 926974 for CVE-2015-1855",
"url": "https://bugzilla.suse.com/926974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T06:35:59Z",
"details": "moderate"
}
],
"title": "CVE-2015-1855"
},
{
"cve": "CVE-2015-3900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3900"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3900",
"url": "https://www.suse.com/security/cve/CVE-2015-3900"
},
{
"category": "external",
"summary": "SUSE Bug 936032 for CVE-2015-3900",
"url": "https://bugzilla.suse.com/936032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T06:35:59Z",
"details": "moderate"
}
],
"title": "CVE-2015-3900"
},
{
"cve": "CVE-2015-7551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7551"
}
],
"notes": [
{
"category": "general",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7551",
"url": "https://www.suse.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "SUSE Bug 939860 for CVE-2015-7551",
"url": "https://bugzilla.suse.com/939860"
},
{
"category": "external",
"summary": "SUSE Bug 959495 for CVE-2015-7551",
"url": "https://bugzilla.suse.com/959495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T06:35:59Z",
"details": "moderate"
}
],
"title": "CVE-2015-7551"
},
{
"cve": "CVE-2016-2339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2339"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2339",
"url": "https://www.suse.com/security/cve/CVE-2016-2339"
},
{
"category": "external",
"summary": "SUSE Bug 1018808 for CVE-2016-2339",
"url": "https://bugzilla.suse.com/1018808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libruby2_1-2_1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ruby2.1-stdlib-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:ruby2.1-devel-2.1.9-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:ruby2.1-devel-2.1.9-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T06:35:59Z",
"details": "moderate"
}
],
"title": "CVE-2016-2339"
}
]
}
SUSE-SU-2017:0948-1
Vulnerability from csaf_suse - Published: 2017-04-06 09:39 - Updated: 2017-04-06 09:39Summary
Security update for ruby
Severity
Moderate
Notes
Title of the patch: Security update for ruby
Description of the patch:
This update for ruby fixes the following issues:
Secuirty issues fixed:
- CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974)
- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)
Bugfixes:
- fix small mistake in the backport for (bsc#986630)
Patchnames: sdksp4-ruby-13052,sleslms13-ruby-13052,slessp4-ruby-13052,slestso13-ruby-13052,slewyst13-ruby-13052
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ruby",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for ruby fixes the following issues:\n\nSecuirty issues fixed:\n- CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974)\n- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n\nBugfixes:\n- fix small mistake in the backport for (bsc#986630)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-ruby-13052,sleslms13-ruby-13052,slessp4-ruby-13052,slestso13-ruby-13052,slewyst13-ruby-13052",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0948-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0948-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170948-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0948-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002786.html"
},
{
"category": "self",
"summary": "SUSE Bug 926974",
"url": "https://bugzilla.suse.com/926974"
},
{
"category": "self",
"summary": "SUSE Bug 959495",
"url": "https://bugzilla.suse.com/959495"
},
{
"category": "self",
"summary": "SUSE Bug 986630",
"url": "https://bugzilla.suse.com/986630"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1855 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7551 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7551/"
}
],
"title": "Security update for ruby",
"tracking": {
"current_release_date": "2017-04-06T09:39:44Z",
"generator": {
"date": "2017-04-06T09:39:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0948-1",
"initial_release_date": "2017-04-06T09:39:44Z",
"revision_history": [
{
"date": "2017-04-06T09:39:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby-devel-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-devel-1.8.7.p357-0.9.19.1.i586"
}
},
{
"category": "product_version",
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586"
}
},
{
"category": "product_version",
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-doc-ri-1.8.7.p357-0.9.19.1.i586"
}
},
{
"category": "product_version",
"name": "ruby-examples-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-examples-1.8.7.p357-0.9.19.1.i586"
}
},
{
"category": "product_version",
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-test-suite-1.8.7.p357-0.9.19.1.i586"
}
},
{
"category": "product_version",
"name": "ruby-tk-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-tk-1.8.7.p357-0.9.19.1.i586"
}
},
{
"category": "product_version",
"name": "ruby-1.8.7.p357-0.9.19.1.i586",
"product": {
"name": "ruby-1.8.7.p357-0.9.19.1.i586",
"product_id": "ruby-1.8.7.p357-0.9.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-devel-1.8.7.p357-0.9.19.1.ia64"
}
},
{
"category": "product_version",
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64"
}
},
{
"category": "product_version",
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64"
}
},
{
"category": "product_version",
"name": "ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-examples-1.8.7.p357-0.9.19.1.ia64"
}
},
{
"category": "product_version",
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-test-suite-1.8.7.p357-0.9.19.1.ia64"
}
},
{
"category": "product_version",
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-tk-1.8.7.p357-0.9.19.1.ia64"
}
},
{
"category": "product_version",
"name": "ruby-1.8.7.p357-0.9.19.1.ia64",
"product": {
"name": "ruby-1.8.7.p357-0.9.19.1.ia64",
"product_id": "ruby-1.8.7.p357-0.9.19.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64"
}
},
{
"category": "product_version",
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64"
}
},
{
"category": "product_version",
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64"
}
},
{
"category": "product_version",
"name": "ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-examples-1.8.7.p357-0.9.19.1.ppc64"
}
},
{
"category": "product_version",
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64"
}
},
{
"category": "product_version",
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64"
}
},
{
"category": "product_version",
"name": "ruby-1.8.7.p357-0.9.19.1.ppc64",
"product": {
"name": "ruby-1.8.7.p357-0.9.19.1.ppc64",
"product_id": "ruby-1.8.7.p357-0.9.19.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-devel-1.8.7.p357-0.9.19.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-examples-1.8.7.p357-0.9.19.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-test-suite-1.8.7.p357-0.9.19.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-tk-1.8.7.p357-0.9.19.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby-1.8.7.p357-0.9.19.1.s390x",
"product": {
"name": "ruby-1.8.7.p357-0.9.19.1.s390x",
"product_id": "ruby-1.8.7.p357-0.9.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-examples-1.8.7.p357-0.9.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-1.8.7.p357-0.9.19.1.x86_64",
"product": {
"name": "ruby-1.8.7.p357-0.9.19.1.x86_64",
"product_id": "ruby-1.8.7.p357-0.9.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE WebYast 1.3",
"product": {
"name": "SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:webyast:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-examples-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-examples-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.i586 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.i586",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ia64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.s390x as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
},
"product_reference": "ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"relates_to_product_reference": "SUSE WebYast 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1855"
}
],
"notes": [
{
"category": "general",
"text": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1855",
"url": "https://www.suse.com/security/cve/CVE-2015-1855"
},
{
"category": "external",
"summary": "SUSE Bug 926974 for CVE-2015-1855",
"url": "https://bugzilla.suse.com/926974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-06T09:39:44Z",
"details": "moderate"
}
],
"title": "CVE-2015-1855"
},
{
"cve": "CVE-2015-7551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7551"
}
],
"notes": [
{
"category": "general",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7551",
"url": "https://www.suse.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "SUSE Bug 939860 for CVE-2015-7551",
"url": "https://bugzilla.suse.com/939860"
},
{
"category": "external",
"summary": "SUSE Bug 959495 for CVE-2015-7551",
"url": "https://bugzilla.suse.com/959495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Lifecycle Management Server 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-doc-ri-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-examples-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-test-suite-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:ruby-tk-1.8.7.p357-0.9.19.1.x86_64",
"SUSE Studio Onsite 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.i586",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ia64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.ppc64",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.s390x",
"SUSE WebYast 1.3:ruby-devel-1.8.7.p357-0.9.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-06T09:39:44Z",
"details": "moderate"
}
],
"title": "CVE-2015-7551"
}
]
}
GHSA-M9XR-X5MQ-4FP5
Vulnerability from github – Published: 2022-05-14 03:34 – Updated: 2025-04-12 12:57
VLAI?
Details
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
Severity ?
8.4 (High)
{
"affected": [],
"aliases": [
"CVE-2015-7551"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-24T01:59:00Z",
"severity": "HIGH"
},
"details": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"id": "GHSA-m9xr-x5mq-4fp5",
"modified": "2025-04-12T12:57:53Z",
"published": "2022-05-14T03:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7551"
},
{
"type": "WEB",
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"type": "WEB",
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"type": "WEB",
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206167"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76060"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2015-7551
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-7551",
"description": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"id": "GSD-2015-7551",
"references": [
"https://www.suse.com/security/cve/CVE-2015-7551.html",
"https://access.redhat.com/errata/RHSA-2018:0583",
"https://ubuntu.com/security/CVE-2015-7551",
"https://advisories.mageia.org/CVE-2015-7551.html",
"https://alas.aws.amazon.com/cve/html/CVE-2015-7551.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-7551"
],
"details": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"id": "GSD-2015-7551",
"modified": "2023-12-13T01:20:01.042595Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
},
{
"name": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a",
"refsource": "CONFIRM",
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "76060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76060"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.0-p647",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7551"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html",
"refsource": "CONFIRM",
"tags": [],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "76060",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/76060"
},
{
"name": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes",
"refsource": "CONFIRM",
"tags": [],
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-03-28T01:29Z",
"publishedDate": "2016-03-24T01:59Z"
}
}
}
VAR-201603-0003
Vulnerability from variot - Updated: 2023-12-18 11:22The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Ruby is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. The following products and versions are affected: Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, 2.2 prior to 2.2.4, and Apple OS X prior to 10.11.4. (Note: This issue was originally fixed in the CNNVD-201508-060 patch, but reappeared after DL was implemented using Fiddle and libffi). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-ruby22-ruby security, bug fix, and enhancement update Advisory ID: RHSA-2018:0583-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:0583 Issue date: 2018-03-26 CVE Names: CVE-2009-5147 CVE-2015-7551 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17790 =====================================================================
- Summary:
An update for rh-ruby22-ruby is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)
Security Fix(es):
-
ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
-
ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
-
rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
-
rubygems: DNS hijacking vulnerability (CVE-2017-0902)
-
rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
-
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
-
ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
-
ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)
-
rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)
-
rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
-
ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
-
ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1248935 - CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name 1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call 1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name 1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec 1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability 1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec 1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode 1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick 1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf 1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications 1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP 1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution 1549646 - Rebase to the latest Ruby 2.2 point release
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-ruby22-ruby-2.2.9-19.el6.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-ruby22-ruby-2.2.9-19.el6.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-ruby22-ruby-2.2.9-19.el6.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch: rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64: rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2009-5147 https://access.redhat.com/security/cve/CVE-2015-7551 https://access.redhat.com/security/cve/CVE-2017-0898 https://access.redhat.com/security/cve/CVE-2017-0899 https://access.redhat.com/security/cve/CVE-2017-0900 https://access.redhat.com/security/cve/CVE-2017-0901 https://access.redhat.com/security/cve/CVE-2017-0902 https://access.redhat.com/security/cve/CVE-2017-0903 https://access.redhat.com/security/cve/CVE-2017-10784 https://access.redhat.com/security/cve/CVE-2017-14033 https://access.redhat.com/security/cve/CVE-2017-14064 https://access.redhat.com/security/cve/CVE-2017-17405 https://access.redhat.com/security/cve/CVE-2017-17790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFauMCwXlSAg2UNWIIRAt7+AKCI6oUS1rfveUw8jicxIi6EpIyH4wCgqBO0 GhFJ0ZG9kuNetqyols+muU4= =ZJq+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- . =========================================================================== Ubuntu Security Notice USN-3365-1 July 25, 2017
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Ruby. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)
Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)
Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551)
It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096)
Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337)
It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)
It was discovered that Ruby incorrectly handled the initialization vector (IV) in GCM mode. (CVE-2016-7798)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libruby2.3 2.3.3-1ubuntu0.1 ruby2.3 2.3.3-1ubuntu0.1
Ubuntu 16.04 LTS: libruby2.3 2.3.1-2~16.04.2 ruby2.3 2.3.1-2~16.04.2
Ubuntu 14.04 LTS: libruby1.9.1 1.9.3.484-2ubuntu1.3 libruby2.0 2.0.0.484-1ubuntu2.4 ruby1.9.1 1.9.3.484-2ubuntu1.3 ruby2.0 2.0.0.484-1ubuntu2.4
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1.3"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1.6"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.2.1"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.2.2"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.2.0"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1.4"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.2.3"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1.5"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.1.2"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.1.7"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.3"
},
{
"model": "ruby",
"scope": "lte",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.0.0-p647"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.1.0"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.0,
"vendor": "ruby lang",
"version": "2.1.1"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "1.9.3"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.0.0-p648"
},
{
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.0.0"
},
{
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.2"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.2.4"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.3.0 preview 1"
},
{
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 to 10.11.3"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.1.8"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "1.9.2"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.3.0 preview 2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.0-3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "matsumoto ruby 1.9.1-p129",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016-0020"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
}
],
"sources": [
{
"db": "BID",
"id": "76060"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.0-p647",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7551"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reed Loden",
"sources": [
{
"db": "BID",
"id": "76060"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7551",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7551",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-85512",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7551",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7551",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85512",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7551",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85512"
},
{
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Ruby is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. The following products and versions are affected: Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, 2.2 prior to 2.2.4, and Apple OS X prior to 10.11.4. (Note: This issue was originally fixed in the CNNVD-201508-060 patch, but reappeared after DL was implemented using Fiddle and libffi). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-ruby22-ruby security, bug fix, and enhancement update\nAdvisory ID: RHSA-2018:0583-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0583\nIssue date: 2018-03-26\nCVE Names: CVE-2009-5147 CVE-2015-7551 CVE-2017-0898 \n CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 \n CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 \n CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 \n CVE-2017-17790 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-ruby22-ruby is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version:\nrh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4),\nrh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). \n(BZ#1549646)\n\nSecurity Fix(es):\n\n* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)\n\n* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)\n\n* rubygems: Arbitrary file overwrite due to incorrect validation of\nspecification name (CVE-2017-0901)\n\n* rubygems: DNS hijacking vulnerability (CVE-2017-0902)\n\n* rubygems: Unsafe object deserialization through YAML formatted gem\nspecifications (CVE-2017-0903)\n\n* ruby: Escape sequence injection vulnerability in the Basic authentication\nof WEBrick (CVE-2017-10784)\n\n* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)\n\n* ruby: DL::dlopen could open a library with tainted library name\n(CVE-2009-5147, CVE-2015-7551)\n\n* rubygems: Escape sequence in the \"summary\" field of gemspec\n(CVE-2017-0899)\n\n* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)\n\n* ruby: Arbitrary heap exposure during a JSON.generate call\n(CVE-2017-14064)\n\n* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows\narbitrary code execution (CVE-2017-17790)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1248935 - CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name\n1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call\n1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name\n1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec\n1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability\n1487590 - CVE-2017-0899 rubygems: Escape sequence in the \"summary\" field of gemspec\n1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode\n1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick\n1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf\n1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications\n1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP\n1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution\n1549646 - Rebase to the latest Ruby 2.2 point release\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el6.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el6.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el6.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el7.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el7.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el7.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-ruby22-ruby-2.2.9-19.el7.src.rpm\n\nnoarch:\nrh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm\nrh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm\nrh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm\nrh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm\nrh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm\nrh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm\nrh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm\n\nx86_64:\nrh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm\nrh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm\nrh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm\nrh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm\nrh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm\nrh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2009-5147\nhttps://access.redhat.com/security/cve/CVE-2015-7551\nhttps://access.redhat.com/security/cve/CVE-2017-0898\nhttps://access.redhat.com/security/cve/CVE-2017-0899\nhttps://access.redhat.com/security/cve/CVE-2017-0900\nhttps://access.redhat.com/security/cve/CVE-2017-0901\nhttps://access.redhat.com/security/cve/CVE-2017-0902\nhttps://access.redhat.com/security/cve/CVE-2017-0903\nhttps://access.redhat.com/security/cve/CVE-2017-10784\nhttps://access.redhat.com/security/cve/CVE-2017-14033\nhttps://access.redhat.com/security/cve/CVE-2017-14064\nhttps://access.redhat.com/security/cve/CVE-2017-17405\nhttps://access.redhat.com/security/cve/CVE-2017-17790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFauMCwXlSAg2UNWIIRAt7+AKCI6oUS1rfveUw8jicxIi6EpIyH4wCgqBO0\nGhFJ0ZG9kuNetqyols+muU4=\n=ZJq+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n===========================================================================\nUbuntu Security Notice USN-3365-1\nJuly 25, 2017\n\nruby1.9.1, ruby2.0, ruby2.3 vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Ruby. An attacker could possibly use this issue to open libraries with\ntainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)\n\nTony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby\nOpenSSL extension incorrectly handled hostname wildcard matching. This\nissue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)\n\nChristian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly\nhandled certain crafted strings. This issue only\napplied to Ubuntu 14.04 LTS. (CVE-2015-7551)\n\nIt was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A\nremote attacker could possibly use this issue to inject SMTP commands. \n(CVE-2015-9096)\n\nMarcin Noga discovered that Ruby incorrectly handled certain arguments in\na TclTkIp class method. An attacker could possibly use this issue to\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2016-2337)\n\nIt was discovered that Ruby Fiddle::Function.new incorrectly handled\ncertain arguments. An attacker could possibly use this issue to execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)\n\nIt was discovered that Ruby incorrectly handled the initialization vector\n(IV) in GCM mode. (CVE-2016-7798)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libruby2.3 2.3.3-1ubuntu0.1\n ruby2.3 2.3.3-1ubuntu0.1\n\nUbuntu 16.04 LTS:\n libruby2.3 2.3.1-2~16.04.2\n ruby2.3 2.3.1-2~16.04.2\n\nUbuntu 14.04 LTS:\n libruby1.9.1 1.9.3.484-2ubuntu1.3\n libruby2.0 2.0.0.484-1ubuntu2.4\n ruby1.9.1 1.9.3.484-2ubuntu1.3\n ruby2.0 2.0.0.484-1ubuntu2.4\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "BID",
"id": "76060"
},
{
"db": "VULHUB",
"id": "VHN-85512"
},
{
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"db": "PACKETSTORM",
"id": "146892"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "PACKETSTORM",
"id": "143501"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7551",
"trust": 3.2
},
{
"db": "BID",
"id": "76060",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "63459",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85512",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7551",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146892",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136346",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143501",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85512"
},
{
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"db": "BID",
"id": "76060"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "PACKETSTORM",
"id": "146892"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "PACKETSTORM",
"id": "143501"
},
{
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"id": "VAR-201603-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85512"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:22:56.287000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206167"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206167"
},
{
"title": "796551",
"trust": 0.8,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"title": "796344",
"trust": 0.8,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"title": "merge revision(s): 53153 and 23405@ruby_1_9_1",
"trust": 0.8,
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"title": "CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"title": "CVE-2015-7551 in Ubuntu",
"trust": 0.8,
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/cve-2015-7551.html"
},
{
"title": "Apple OS X Ruby Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60653"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2015-7551",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=bfc75fa41154a90833b0b9782076d6d7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-632",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-632"
},
{
"title": "Red Hat: Important: rh-ruby22-ruby security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20180583 - security advisory"
},
{
"title": "Ubuntu Security Notice: ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3365-1"
},
{
"title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
},
{
"title": "ruby_audit",
"trust": 0.1,
"url": "https://github.com/civisanalytics/ruby_audit "
},
{
"title": "CVE-2009-5147",
"trust": 0.1,
"url": "https://github.com/vpereira/cve-2009-5147 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85512"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "NVD",
"id": "CVE-2015-7551"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.8,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"
},
{
"trust": 1.8,
"url": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"
},
{
"trust": 1.8,
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/cve-2015-7551.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.8,
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"trust": 1.5,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/76060"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:0583"
},
{
"trust": 1.2,
"url": "https://puppet.com/security/cve/ruby-dec-2015-security-fixes"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7551"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7551"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/63459"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2015/q3/220"
},
{
"trust": 0.3,
"url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"
},
{
"trust": 0.3,
"url": "https://www.ruby-lang.org/en/news/2009/05/12/ruby-1-9-1-p129-released/"
},
{
"trust": 0.3,
"url": "http://www.ruby-lang.org/en/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-5147"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/civisanalytics/ruby_audit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2016-632.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3365-1/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2009-5147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14064"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-10784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14064"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-7551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14033"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht206171"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7798"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3365-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9096"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85512"
},
{
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"db": "BID",
"id": "76060"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "PACKETSTORM",
"id": "146892"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "PACKETSTORM",
"id": "143501"
},
{
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85512"
},
{
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"db": "BID",
"id": "76060"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"db": "PACKETSTORM",
"id": "146892"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "PACKETSTORM",
"id": "143501"
},
{
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-85512"
},
{
"date": "2016-03-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"date": "2015-07-28T00:00:00",
"db": "BID",
"id": "76060"
},
{
"date": "2016-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"date": "2018-03-27T03:29:31",
"db": "PACKETSTORM",
"id": "146892"
},
{
"date": "2016-03-22T15:18:02",
"db": "PACKETSTORM",
"id": "136346"
},
{
"date": "2017-07-25T23:16:08",
"db": "PACKETSTORM",
"id": "143501"
},
{
"date": "2016-03-24T01:59:03.370000",
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"date": "2016-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85512"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7551"
},
{
"date": "2017-07-26T10:08:00",
"db": "BID",
"id": "76060"
},
{
"date": "2016-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007006"
},
{
"date": "2018-03-28T01:29:03.403000",
"db": "NVD",
"id": "CVE-2015-7551"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X Distributed by such products Ruby of ext/fiddle/handle.c of Fiddle::Handle Vulnerabilities in arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-327"
}
],
"trust": 0.6
}
}
CNVD-2016-01874
Vulnerability from cnvd - Published: 2016-03-25
VLAI Severity ?
Title
Apple OS X Ruby内存破坏漏洞
Description
Apple OS X是美国苹果(Apple)公司为Mac计算机所开发的一套专用操作系统。Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。
Apple OS X和其他产品中分发的Ruby中的ext/fiddle/handle.c文件中的Fiddle::Handle实现过程中存在内存破坏漏洞,该漏洞源于程序未能正确处理字符串污染。本地攻击者可利用该漏洞造成拒绝服务(应用程序终止),或执行任意代码。
Severity
中
Patch Name
Apple OS X Ruby内存破坏漏洞的补丁
Patch Description
Apple OS X是美国苹果(Apple)公司为Mac计算机所开发的一套专用操作系统。Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。
Apple OS X和其他产品中分发的Ruby中的ext/fiddle/handle.c文件中的Fiddle::Handle实现过程中存在内存破坏漏洞,该漏洞源于程序未能正确处理字符串污染。本地攻击者可利用该漏洞造成拒绝服务(应用程序终止),或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ https://support.apple.com/HT206167
Reference
https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344
Impacted products
| Name | Apple OS X <10.11.4 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-7551"
}
},
"description": "Apple OS X\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Ruby\u662f\u65e5\u672c\u8f6f\u4ef6\u5f00\u53d1\u8005\u677e\u672c\u884c\u5f18\u6240\u7814\u53d1\u7684\u4e00\u79cd\u8de8\u5e73\u53f0\u3001\u9762\u5411\u5bf9\u8c61\u7684\u52a8\u6001\u7c7b\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nApple OS X\u548c\u5176\u4ed6\u4ea7\u54c1\u4e2d\u5206\u53d1\u7684Ruby\u4e2d\u7684ext/fiddle/handle.c\u6587\u4ef6\u4e2d\u7684Fiddle::Handle\u5b9e\u73b0\u8fc7\u7a0b\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u5b57\u7b26\u4e32\u6c61\u67d3\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5e94\u7528\u7a0b\u5e8f\u7ec8\u6b62\uff09\uff0c\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Christian Hofstaedtler zeha@debian.org",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/\r\nhttps://support.apple.com/HT206167",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01874",
"openTime": "2016-03-25",
"patchDescription": "Apple OS X\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Ruby\u662f\u65e5\u672c\u8f6f\u4ef6\u5f00\u53d1\u8005\u677e\u672c\u884c\u5f18\u6240\u7814\u53d1\u7684\u4e00\u79cd\u8de8\u5e73\u53f0\u3001\u9762\u5411\u5bf9\u8c61\u7684\u52a8\u6001\u7c7b\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nApple OS X\u548c\u5176\u4ed6\u4ea7\u54c1\u4e2d\u5206\u53d1\u7684Ruby\u4e2d\u7684ext/fiddle/handle.c\u6587\u4ef6\u4e2d\u7684Fiddle::Handle\u5b9e\u73b0\u8fc7\u7a0b\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u5b57\u7b26\u4e32\u6c61\u67d3\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5e94\u7528\u7a0b\u5e8f\u7ec8\u6b62\uff09\uff0c\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple OS X Ruby\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple OS X \u003c10.11.4"
},
"referenceLink": "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a\r\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344",
"serverity": "\u4e2d",
"submitTime": "2016-03-24",
"title": "Apple OS X Ruby\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}
OPENSUSE-SU-2024:10481-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libruby2_2-2_2-2.2.5-1.5 on GA media
Severity
Moderate
Notes
Title of the patch: libruby2_2-2_2-2.2.5-1.5 on GA media
Description of the patch: These are all security issues fixed in the libruby2_2-2_2-2.2.5-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10481
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libruby2_2-2_2-2.2.5-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libruby2_2-2_2-2.2.5-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10481",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10481-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1855 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3900 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7551 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7551/"
}
],
"title": "libruby2_2-2_2-2.2.5-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10481-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libruby2_2-2_2-2.2.5-1.5.aarch64",
"product": {
"name": "libruby2_2-2_2-2.2.5-1.5.aarch64",
"product_id": "libruby2_2-2_2-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-devel-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-devel-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-devel-extra-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-doc-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-doc-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-doc-ri-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-stdlib-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-stdlib-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-stdlib-2.2.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-tk-2.2.5-1.5.aarch64",
"product": {
"name": "ruby2.2-tk-2.2.5-1.5.aarch64",
"product_id": "ruby2.2-tk-2.2.5-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_2-2_2-2.2.5-1.5.ppc64le",
"product": {
"name": "libruby2_2-2_2-2.2.5-1.5.ppc64le",
"product_id": "libruby2_2-2_2-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-devel-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-devel-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-devel-extra-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-doc-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-doc-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-doc-ri-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-stdlib-2.2.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-tk-2.2.5-1.5.ppc64le",
"product": {
"name": "ruby2.2-tk-2.2.5-1.5.ppc64le",
"product_id": "ruby2.2-tk-2.2.5-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_2-2_2-2.2.5-1.5.s390x",
"product": {
"name": "libruby2_2-2_2-2.2.5-1.5.s390x",
"product_id": "libruby2_2-2_2-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-2.2.5-1.5.s390x",
"product_id": "ruby2.2-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-devel-2.2.5-1.5.s390x",
"product_id": "ruby2.2-devel-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-extra-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.s390x",
"product_id": "ruby2.2-devel-extra-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-doc-2.2.5-1.5.s390x",
"product_id": "ruby2.2-doc-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-ri-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.s390x",
"product_id": "ruby2.2-doc-ri-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-stdlib-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-stdlib-2.2.5-1.5.s390x",
"product_id": "ruby2.2-stdlib-2.2.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-tk-2.2.5-1.5.s390x",
"product": {
"name": "ruby2.2-tk-2.2.5-1.5.s390x",
"product_id": "ruby2.2-tk-2.2.5-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_2-2_2-2.2.5-1.5.x86_64",
"product": {
"name": "libruby2_2-2_2-2.2.5-1.5.x86_64",
"product_id": "libruby2_2-2_2-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-devel-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-devel-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-devel-extra-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-doc-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-doc-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-doc-ri-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-stdlib-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-stdlib-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-stdlib-2.2.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-tk-2.2.5-1.5.x86_64",
"product": {
"name": "ruby2.2-tk-2.2.5-1.5.x86_64",
"product_id": "ruby2.2-tk-2.2.5-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_2-2_2-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64"
},
"product_reference": "libruby2_2-2_2-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_2-2_2-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le"
},
"product_reference": "libruby2_2-2_2-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_2-2_2-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x"
},
"product_reference": "libruby2_2-2_2-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_2-2_2-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64"
},
"product_reference": "libruby2_2-2_2-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-devel-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-devel-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-devel-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-devel-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-devel-extra-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-devel-extra-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-doc-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-doc-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-doc-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-doc-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-doc-ri-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-doc-ri-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-stdlib-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-stdlib-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-stdlib-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-stdlib-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-stdlib-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-stdlib-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-stdlib-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-tk-2.2.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64"
},
"product_reference": "ruby2.2-tk-2.2.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-tk-2.2.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le"
},
"product_reference": "ruby2.2-tk-2.2.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-tk-2.2.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x"
},
"product_reference": "ruby2.2-tk-2.2.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-tk-2.2.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
},
"product_reference": "ruby2.2-tk-2.2.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1855"
}
],
"notes": [
{
"category": "general",
"text": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1855",
"url": "https://www.suse.com/security/cve/CVE-2015-1855"
},
{
"category": "external",
"summary": "SUSE Bug 926974 for CVE-2015-1855",
"url": "https://bugzilla.suse.com/926974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-1855"
},
{
"cve": "CVE-2015-3900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3900"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3900",
"url": "https://www.suse.com/security/cve/CVE-2015-3900"
},
{
"category": "external",
"summary": "SUSE Bug 936032 for CVE-2015-3900",
"url": "https://bugzilla.suse.com/936032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3900"
},
{
"cve": "CVE-2015-7551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7551"
}
],
"notes": [
{
"category": "general",
"text": "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7551",
"url": "https://www.suse.com/security/cve/CVE-2015-7551"
},
{
"category": "external",
"summary": "SUSE Bug 939860 for CVE-2015-7551",
"url": "https://bugzilla.suse.com/939860"
},
{
"category": "external",
"summary": "SUSE Bug 959495 for CVE-2015-7551",
"url": "https://bugzilla.suse.com/959495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:libruby2_2-2_2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-devel-extra-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-doc-ri-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-stdlib-2.2.5-1.5.x86_64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.aarch64",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.ppc64le",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.s390x",
"openSUSE Tumbleweed:ruby2.2-tk-2.2.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7551"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…