RHSA-2019:1150-01 -- Redhat rh-ruby24-rubyID: oval:org.secpod.oval:def:505049 | Date: (C)2021-01-29 (M)2022-07-20 |
Class: PATCH | Family: unix |
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby . Security Fix: * rubygems: Installing a malicious gem may lead to arbitrary code execution * rubygems: Delete directory using symlink when decompressing tar * rubygems: Escape sequence injection vulnerability in verbose * rubygems: Escape sequence injection vulnerability in gem owner * rubygems: Escape sequence injection vulnerability in API response handling * rubygems: Escape sequence injection vulnerability in errors For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |