Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby , rh-ruby22-rubygems , rh-ruby22-rubygem-psych , rh-ruby22-rubygem-json . Security Fix: * ruby: Command injection vulnerability in Net::FTP * ruby: Buffer underrun vulnerability in Kernel.sprintf * rubygems: Arbitrary file overwrite due to incorrect validation of specification name * rubygems: DNS hijacking vulnerability * rubygems: Unsafe object deserialization through YAML formatted gem specifications * ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick * ruby: Buffer underrun in OpenSSL ASN1 decode * ruby: DL::dlopen could open a library with tainted library name * rubygems: Escape sequence in the summary field of gemspec * rubygems: No size limit in summary length of gem spec * ruby: Arbitrary heap exposure during a JSON.generate call * ruby: Command injection in lib/resolv.rb:lazy_initialize allows arbitrary code execution For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.