Updated ruby-RubyGems packages fix security vulnerability
Publication date: 10 Jun 2020Modification date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-XXXX , CVE-2018-1000073 , CVE-2018-1000074 , CVE-2018-1000075 , CVE-2018-1000076 , CVE-2018-1000077 , CVE-2018-1000078 , CVE-2018-1000079 , CVE-2019-8320 , CVE-2019-8321 , CVE-2019-8322 , CVE-2019-8323 , CVE-2019-8324 , CVE-2019-8325
Description
Updated ruby-RubyGems package fixes security vulnerabilities The following vulnerabilities have been reported. CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection vulnerability in gem owner CVE-2019-8323: Escape sequence injection vulnerability in API response handling CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8325: Escape sequence injection vulnerability in errors
References
- https://bugs.mageia.org/show_bug.cgi?id=22696
- https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-XXXX
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
SRPMS
7/core
- ruby-RubyGems-2.6.14-3.1.mga7