Advisories ยป MGASA-2020-0243

Updated ruby-RubyGems packages fix security vulnerability

Publication date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-XXXX , CVE-2018-1000073 , CVE-2018-1000074 , CVE-2018-1000075 , CVE-2018-1000076 , CVE-2018-1000077 , CVE-2018-1000078 , CVE-2018-1000079 , CVE-2019-8320 , CVE-2019-8321 , CVE-2019-8322 , CVE-2019-8323 , CVE-2019-8324 , CVE-2019-8325

Description

Updated ruby-RubyGems package fixes security vulnerabilities

The following vulnerabilities have been reported.

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response
handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
                

References

SRPMS

7/core