Red Hat Product Errata RHSA-2020:0591 - Security Advisory
Issued: 2020-02-25
Updated: 2020-02-25

Synopsis

Moderate: ruby security update

Type/Severity

Security Advisory: Moderate

Topic

An update for ruby is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • ruby: DoS by large request in WEBrick (CVE-2018-8777)
  • ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)
  • rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)
  • rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)
  • rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)
  • rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)
  • rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)
  • rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)
  • rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4 x86_64

Fixes

  • BZ - 1547418 - CVE-2018-1000073 rubygems: Path traversal when writing to a symlinked basedir outside of the root
  • BZ - 1547419 - CVE-2018-1000074 rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML
  • BZ - 1547420 - CVE-2018-1000075 rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service
  • BZ - 1547421 - CVE-2018-1000076 rubygems: Improper verification of signatures in tarball allows to install mis-signed gem
  • BZ - 1547422 - CVE-2018-1000077 rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL
  • BZ - 1547425 - CVE-2018-1000078 rubygems: XSS vulnerability in homepage attribute when displayed via gem server
  • BZ - 1547426 - CVE-2018-1000079 rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations
  • BZ - 1561949 - CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir
  • BZ - 1561950 - CVE-2018-8777 ruby: DoS by large request in WEBrick

CVEs

  • CVE-2018-8777
  • CVE-2018-8780
  • CVE-2018-1000073
  • CVE-2018-1000074
  • CVE-2018-1000075
  • CVE-2018-1000076
  • CVE-2018-1000077
  • CVE-2018-1000078
  • CVE-2018-1000079

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
ruby-2.0.0.648-35.el7_4.src.rpm SHA-256: 258b2807cdbe9efe7d2176cefa509eb4597b4170d5af4b06bb51c2561d3cf4d3
x86_64
ruby-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 9052abb7d5eaddf9d4b124a02fd588ab6a0b631afffae41974051f37b00387e7
ruby-debuginfo-2.0.0.648-35.el7_4.i686.rpm SHA-256: 777deea2960e9a8d406c0938d8bb0200adc0708807f2aa766b9c8472b441ebd3
ruby-debuginfo-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 10e6b72c2595622e8af9b85745eeb546198fe487a5a0cf5c753b81bd0a960c74
ruby-devel-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 8c50c79aa486a4f259670d4d93dbabc1ca070c5f94a4ea16cf9f878ebd4389d3
ruby-doc-2.0.0.648-35.el7_4.noarch.rpm SHA-256: bc081087ca96925a203e53f5935a8fc8280c12c367ae667660e000b37256a873
ruby-irb-2.0.0.648-35.el7_4.noarch.rpm SHA-256: c2ae030e4773b232c757b64172fe92a04d1aa424a07a1cbc084aed3810067a2d
ruby-libs-2.0.0.648-35.el7_4.i686.rpm SHA-256: dc00af0e7a4b7ef03240c6739077a526fbeeb4aa86c885c3c8f072bcc40d67c0
ruby-libs-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 29a8a951fddab973bce718f782c92d72dd1ff23a6cd156cf3f24b92046edd98e
ruby-tcltk-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 0a6775a4acefaef95ee872b00bf2728333da074ef4fa203ce62095f5c0ce1a53
rubygem-bigdecimal-1.2.0-35.el7_4.x86_64.rpm SHA-256: 84a3bd6954228fb03dcf0275369b351f1edccdad06942eb2daefb4e0ad7cf417
rubygem-io-console-0.4.2-35.el7_4.x86_64.rpm SHA-256: 25f665cce27761eda95b57e07eb2fcf89982d1c7319916f07bb7c65a84e216f7
rubygem-json-1.7.7-35.el7_4.x86_64.rpm SHA-256: 29d2370823ac40518589676dcca41d9cb17eea2f55ff556a1607cbd5392a840b
rubygem-minitest-4.3.2-35.el7_4.noarch.rpm SHA-256: a9004d2451f4a082108bce63136d05061f29c3ed7bcd4ce03a5471fef0bacb94
rubygem-psych-2.0.0-35.el7_4.x86_64.rpm SHA-256: 4d535d8301c39d3709a5b6bf318547408ff56d8f4dcad66aa05a62d9e1362e07
rubygem-rake-0.9.6-35.el7_4.noarch.rpm SHA-256: 4e6e1afd4d8ee407682ccca011d20d81667faa7e904e8697f162ba29d2f270ab
rubygem-rdoc-4.0.0-35.el7_4.noarch.rpm SHA-256: e821697edf772145b6915f33bb00fa8bce653b450a71a0b81da3cae483529706
rubygems-2.0.14.1-35.el7_4.noarch.rpm SHA-256: 5ccd04102ecd91601983e20fe717d42847973f81e12682f16005ca55d5f5126b
rubygems-devel-2.0.14.1-35.el7_4.noarch.rpm SHA-256: ad774dff259eef6b33f786b2bfd8b1dfb797f97aee6ba4bd0617e42ca74ce44c

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
ruby-2.0.0.648-35.el7_4.src.rpm SHA-256: 258b2807cdbe9efe7d2176cefa509eb4597b4170d5af4b06bb51c2561d3cf4d3
x86_64
ruby-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 9052abb7d5eaddf9d4b124a02fd588ab6a0b631afffae41974051f37b00387e7
ruby-debuginfo-2.0.0.648-35.el7_4.i686.rpm SHA-256: 777deea2960e9a8d406c0938d8bb0200adc0708807f2aa766b9c8472b441ebd3
ruby-debuginfo-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 10e6b72c2595622e8af9b85745eeb546198fe487a5a0cf5c753b81bd0a960c74
ruby-devel-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 8c50c79aa486a4f259670d4d93dbabc1ca070c5f94a4ea16cf9f878ebd4389d3
ruby-doc-2.0.0.648-35.el7_4.noarch.rpm SHA-256: bc081087ca96925a203e53f5935a8fc8280c12c367ae667660e000b37256a873
ruby-irb-2.0.0.648-35.el7_4.noarch.rpm SHA-256: c2ae030e4773b232c757b64172fe92a04d1aa424a07a1cbc084aed3810067a2d
ruby-libs-2.0.0.648-35.el7_4.i686.rpm SHA-256: dc00af0e7a4b7ef03240c6739077a526fbeeb4aa86c885c3c8f072bcc40d67c0
ruby-libs-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 29a8a951fddab973bce718f782c92d72dd1ff23a6cd156cf3f24b92046edd98e
ruby-tcltk-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 0a6775a4acefaef95ee872b00bf2728333da074ef4fa203ce62095f5c0ce1a53
rubygem-bigdecimal-1.2.0-35.el7_4.x86_64.rpm SHA-256: 84a3bd6954228fb03dcf0275369b351f1edccdad06942eb2daefb4e0ad7cf417
rubygem-io-console-0.4.2-35.el7_4.x86_64.rpm SHA-256: 25f665cce27761eda95b57e07eb2fcf89982d1c7319916f07bb7c65a84e216f7
rubygem-json-1.7.7-35.el7_4.x86_64.rpm SHA-256: 29d2370823ac40518589676dcca41d9cb17eea2f55ff556a1607cbd5392a840b
rubygem-minitest-4.3.2-35.el7_4.noarch.rpm SHA-256: a9004d2451f4a082108bce63136d05061f29c3ed7bcd4ce03a5471fef0bacb94
rubygem-psych-2.0.0-35.el7_4.x86_64.rpm SHA-256: 4d535d8301c39d3709a5b6bf318547408ff56d8f4dcad66aa05a62d9e1362e07
rubygem-rake-0.9.6-35.el7_4.noarch.rpm SHA-256: 4e6e1afd4d8ee407682ccca011d20d81667faa7e904e8697f162ba29d2f270ab
rubygem-rdoc-4.0.0-35.el7_4.noarch.rpm SHA-256: e821697edf772145b6915f33bb00fa8bce653b450a71a0b81da3cae483529706
rubygems-2.0.14.1-35.el7_4.noarch.rpm SHA-256: 5ccd04102ecd91601983e20fe717d42847973f81e12682f16005ca55d5f5126b
rubygems-devel-2.0.14.1-35.el7_4.noarch.rpm SHA-256: ad774dff259eef6b33f786b2bfd8b1dfb797f97aee6ba4bd0617e42ca74ce44c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4

SRPM
ruby-2.0.0.648-35.el7_4.src.rpm SHA-256: 258b2807cdbe9efe7d2176cefa509eb4597b4170d5af4b06bb51c2561d3cf4d3
ppc64le
ruby-2.0.0.648-35.el7_4.ppc64le.rpm SHA-256: e314797019481e6387927750fe541d8d7623d421e4438f0d15e2808a6400bd45
ruby-debuginfo-2.0.0.648-35.el7_4.ppc64le.rpm SHA-256: e4aba33a805d0aa3a94b8ae7572b19e581ca1901b053f6614fe68c0834abc053
ruby-devel-2.0.0.648-35.el7_4.ppc64le.rpm SHA-256: 2bbdd29e6d48de34fb1ff5724cf452ba471f1a2c08d7f6a667ee0447e7e4ea90
ruby-doc-2.0.0.648-35.el7_4.noarch.rpm SHA-256: bc081087ca96925a203e53f5935a8fc8280c12c367ae667660e000b37256a873
ruby-irb-2.0.0.648-35.el7_4.noarch.rpm SHA-256: c2ae030e4773b232c757b64172fe92a04d1aa424a07a1cbc084aed3810067a2d
ruby-libs-2.0.0.648-35.el7_4.ppc64le.rpm SHA-256: eb2fc777fc49cb4492c32f46b1c14043dd028f4ffa331073cd7ca91642e4b155
ruby-tcltk-2.0.0.648-35.el7_4.ppc64le.rpm SHA-256: dec3e49a1c1c052da084df52075fb4af90e0b9c31dda6b662d5df9edb987f8b6
rubygem-bigdecimal-1.2.0-35.el7_4.ppc64le.rpm SHA-256: fb4a220dfe1727003d35706fedc745fb7098b4f35fb95bcc6da43244457955a9
rubygem-io-console-0.4.2-35.el7_4.ppc64le.rpm SHA-256: 6a7e5359c3caf25187d10b96f752c3e6233945b6a83e45a483775af3b7ac7d96
rubygem-json-1.7.7-35.el7_4.ppc64le.rpm SHA-256: 1adc31963be2620102eb82eb87d685336eb6bb661bfa4c3d6fdda005fd8aa1bf
rubygem-minitest-4.3.2-35.el7_4.noarch.rpm SHA-256: a9004d2451f4a082108bce63136d05061f29c3ed7bcd4ce03a5471fef0bacb94
rubygem-psych-2.0.0-35.el7_4.ppc64le.rpm SHA-256: a7e06c2e6366b7dbf575230cb09af396ef855721d9a798997f008f6fb72c7510
rubygem-rake-0.9.6-35.el7_4.noarch.rpm SHA-256: 4e6e1afd4d8ee407682ccca011d20d81667faa7e904e8697f162ba29d2f270ab
rubygem-rdoc-4.0.0-35.el7_4.noarch.rpm SHA-256: e821697edf772145b6915f33bb00fa8bce653b450a71a0b81da3cae483529706
rubygems-2.0.14.1-35.el7_4.noarch.rpm SHA-256: 5ccd04102ecd91601983e20fe717d42847973f81e12682f16005ca55d5f5126b
rubygems-devel-2.0.14.1-35.el7_4.noarch.rpm SHA-256: ad774dff259eef6b33f786b2bfd8b1dfb797f97aee6ba4bd0617e42ca74ce44c

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4

SRPM
ruby-2.0.0.648-35.el7_4.src.rpm SHA-256: 258b2807cdbe9efe7d2176cefa509eb4597b4170d5af4b06bb51c2561d3cf4d3
x86_64
ruby-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 9052abb7d5eaddf9d4b124a02fd588ab6a0b631afffae41974051f37b00387e7
ruby-debuginfo-2.0.0.648-35.el7_4.i686.rpm SHA-256: 777deea2960e9a8d406c0938d8bb0200adc0708807f2aa766b9c8472b441ebd3
ruby-debuginfo-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 10e6b72c2595622e8af9b85745eeb546198fe487a5a0cf5c753b81bd0a960c74
ruby-devel-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 8c50c79aa486a4f259670d4d93dbabc1ca070c5f94a4ea16cf9f878ebd4389d3
ruby-doc-2.0.0.648-35.el7_4.noarch.rpm SHA-256: bc081087ca96925a203e53f5935a8fc8280c12c367ae667660e000b37256a873
ruby-irb-2.0.0.648-35.el7_4.noarch.rpm SHA-256: c2ae030e4773b232c757b64172fe92a04d1aa424a07a1cbc084aed3810067a2d
ruby-libs-2.0.0.648-35.el7_4.i686.rpm SHA-256: dc00af0e7a4b7ef03240c6739077a526fbeeb4aa86c885c3c8f072bcc40d67c0
ruby-libs-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 29a8a951fddab973bce718f782c92d72dd1ff23a6cd156cf3f24b92046edd98e
ruby-tcltk-2.0.0.648-35.el7_4.x86_64.rpm SHA-256: 0a6775a4acefaef95ee872b00bf2728333da074ef4fa203ce62095f5c0ce1a53
rubygem-bigdecimal-1.2.0-35.el7_4.x86_64.rpm SHA-256: 84a3bd6954228fb03dcf0275369b351f1edccdad06942eb2daefb4e0ad7cf417
rubygem-io-console-0.4.2-35.el7_4.x86_64.rpm SHA-256: 25f665cce27761eda95b57e07eb2fcf89982d1c7319916f07bb7c65a84e216f7
rubygem-json-1.7.7-35.el7_4.x86_64.rpm SHA-256: 29d2370823ac40518589676dcca41d9cb17eea2f55ff556a1607cbd5392a840b
rubygem-minitest-4.3.2-35.el7_4.noarch.rpm SHA-256: a9004d2451f4a082108bce63136d05061f29c3ed7bcd4ce03a5471fef0bacb94
rubygem-psych-2.0.0-35.el7_4.x86_64.rpm SHA-256: 4d535d8301c39d3709a5b6bf318547408ff56d8f4dcad66aa05a62d9e1362e07
rubygem-rake-0.9.6-35.el7_4.noarch.rpm SHA-256: 4e6e1afd4d8ee407682ccca011d20d81667faa7e904e8697f162ba29d2f270ab
rubygem-rdoc-4.0.0-35.el7_4.noarch.rpm SHA-256: e821697edf772145b6915f33bb00fa8bce653b450a71a0b81da3cae483529706
rubygems-2.0.14.1-35.el7_4.noarch.rpm SHA-256: 5ccd04102ecd91601983e20fe717d42847973f81e12682f16005ca55d5f5126b
rubygems-devel-2.0.14.1-35.el7_4.noarch.rpm SHA-256: ad774dff259eef6b33f786b2bfd8b1dfb797f97aee6ba4bd0617e42ca74ce44c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
