Vulmon
Amazon Linux 2 Security Advisory: ALASRUBY3.0-2023-006
Advisory Release Date: 2023-08-21 20:59 Pacific
Advisory Updated Date: 2023-09-25 22:01 Pacific
Severity:
Medium
Issue Overview:
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. (CVE-2021-31799)
Affected Packages:
ruby
Issue Correction:
Run yum update ruby to update your system.
New Packages:
aarch64:
ruby-3.0.1-148.amzn2.0.1.aarch64
ruby-devel-3.0.1-148.amzn2.0.1.aarch64
ruby-libs-3.0.1-148.amzn2.0.1.aarch64
rubygem-bigdecimal-3.0.0-148.amzn2.0.1.aarch64
rubygem-io-console-0.5.7-148.amzn2.0.1.aarch64
rubygem-json-2.5.1-148.amzn2.0.1.aarch64
rubygem-psych-3.3.0-148.amzn2.0.1.aarch64
ruby-debuginfo-3.0.1-148.amzn2.0.1.aarch64
noarch:
rubygems-3.2.15-148.amzn2.0.1.noarch
rubygems-devel-3.2.15-148.amzn2.0.1.noarch
ruby-default-gems-3.0.1-148.amzn2.0.1.noarch
rubygem-irb-1.3.5-148.amzn2.0.1.noarch
rubygem-rdoc-6.3.0-148.amzn2.0.1.noarch
ruby-doc-3.0.1-148.amzn2.0.1.noarch
rubygem-bundler-2.2.15-148.amzn2.0.1.noarch
rubygem-minitest-5.14.2-148.amzn2.0.1.noarch
rubygem-power_assert-1.2.0-148.amzn2.0.1.noarch
rubygem-rake-13.0.3-148.amzn2.0.1.noarch
rubygem-rbs-1.0.4-148.amzn2.0.1.noarch
rubygem-test-unit-3.3.7-148.amzn2.0.1.noarch
rubygem-rexml-3.2.5-148.amzn2.0.1.noarch
rubygem-rss-0.2.9-148.amzn2.0.1.noarch
rubygem-typeprof-0.12.0-148.amzn2.0.1.noarch
src:
ruby-3.0.1-148.amzn2.0.1.src
x86_64:
ruby-3.0.1-148.amzn2.0.1.x86_64
ruby-devel-3.0.1-148.amzn2.0.1.x86_64
ruby-libs-3.0.1-148.amzn2.0.1.x86_64
rubygem-bigdecimal-3.0.0-148.amzn2.0.1.x86_64
rubygem-io-console-0.5.7-148.amzn2.0.1.x86_64
rubygem-json-2.5.1-148.amzn2.0.1.x86_64
rubygem-psych-3.3.0-148.amzn2.0.1.x86_64
ruby-debuginfo-3.0.1-148.amzn2.0.1.x86_64