Debian Bug report logs -
#990815
ruby27: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066
Package:
src:ruby27;
Maintainer for src:ruby27 is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>;
Reported by: Moritz Mühlenhoff <jmm@inutilorg>
Date: Thu, 8 Jul 2021 09:06:02 UTC
Severity: grave
Tags: ...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service
For the oldstable distribution (buster), these problems have been fixed
in version 255 ...
Synopsis
Moderate: ruby:25 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for the ruby:25 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update a ...
Synopsis
Important: ruby:26 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for the ruby:26 module is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Secu ...
Synopsis
Important: ruby:26 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for the ruby:26 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update ...
Synopsis
Important: rh-ruby26-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for rh-ruby26-ruby is now available for Red Hat Software CollectionsRed Hat Product S ...
Synopsis
Important: ruby:26 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for the ruby:26 module is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Secu ...
Synopsis
Important: ruby:26 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for the ruby:26 module is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Pr ...
An operating system command injection flaw was found in RDoc Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc (CVE-2021-31799) ...
An operating system command injection flaw was found in RDoc Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc (CVE-2021-31799) ...
RDoc before version 631 used to call Kernel#open to open a local file If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run the rdoc command (CVE-2021-31 ...
RDoc before version 631 used to call Kernel#open to open a local file If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run the rdoc command (CVE-2021-31 ...
RDoc before version 631 used to call Kernel#open to open a local file If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run the rdoc command ...