Red Hat Product Errata RHSA-2022:6855 - Security Advisory
Issued:
2022-10-11
Updated:
2022-10-11

RHSA-2022:6855 - Security Advisory

Synopsis

Moderate: rh-ruby30-ruby security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-ruby30-ruby is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby30-ruby (3.0.4). (BZ#2128628)

Security Fix(es):

  • ruby: buffer overflow in CGI.escape_html (CVE-2021-41816)
  • ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
  • ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
  • Ruby: Double free in Regexp compilation (CVE-2022-28738)
  • Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • rh-ruby30 ruby: User-installed rubygems plugins are not being loaded (BZ#2128629)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods
  • BZ - 2026752 - CVE-2021-41816 ruby: buffer overflow in CGI.escape_html
  • BZ - 2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse
  • BZ - 2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation
  • BZ - 2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
  • BZ - 2128628 - rh-ruby30-ruby: Rebase to the latest Ruby 3.0 release [rhscl-3] [rhscl-3.8.z]
  • BZ - 2128629 - rh-ruby30 ruby: User-installed rubygems plugins are not being loaded [rhscl-3.8.z]

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-ruby30-ruby-3.0.4-149.el7.src.rpm SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c
x86_64
rh-ruby30-ruby-3.0.4-149.el7.x86_64.rpm SHA-256: 620163dc82dbc9b17cb356a437c559467b9ebbd97d33e6d951cd58f67d089329
rh-ruby30-ruby-debuginfo-3.0.4-149.el7.x86_64.rpm SHA-256: 1c1becee8e0688ba251ab20b4f04e708ae87d1332aa1c339ab65856df52e6f07
rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710
rh-ruby30-ruby-devel-3.0.4-149.el7.x86_64.rpm SHA-256: 8e3c44c72ce6a68f88352872778b783a15408123a8045d0502a7605f86015b47
rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443
rh-ruby30-ruby-libs-3.0.4-149.el7.x86_64.rpm SHA-256: 748d82756a0993a166165b784c64ea0c997f86b00ead4c50cf750ccb141e897b
rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.x86_64.rpm SHA-256: a773c0aba303a71fc27030698cf66c59d7d4938cffa10fd9c6c66d6532139c6e
rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa
rh-ruby30-rubygem-io-console-0.5.7-149.el7.x86_64.rpm SHA-256: a69422b818f5dfb5c2da1978c1c1c185881e6cd57c8dcb6a6fcf4d3f20071d91
rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c
rh-ruby30-rubygem-json-2.5.1-149.el7.x86_64.rpm SHA-256: 77256d24fe58e5214c2182f87e19d0a644a4f2ef13f7dc99f727cadacc23e6af
rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d
rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2
rh-ruby30-rubygem-psych-3.3.2-149.el7.x86_64.rpm SHA-256: e2f55831b6e63e85c0f35a69aab27acbf516a5f2efd7a0db85480917699b5e98
rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac
rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a
rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f
rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd
rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0
rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5
rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136
rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-ruby30-ruby-3.0.4-149.el7.src.rpm SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c
s390x
rh-ruby30-ruby-3.0.4-149.el7.s390x.rpm SHA-256: 2908476527f9c6708dffb40801f1506863246b17b97b2442738f12ca1b551697
rh-ruby30-ruby-debuginfo-3.0.4-149.el7.s390x.rpm SHA-256: 8c8e9dea621f0b673382b3ad73a22d4cd26fe63e2124415c5f3a73ed453003f2
rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710
rh-ruby30-ruby-devel-3.0.4-149.el7.s390x.rpm SHA-256: 2e7063c031d622c5585ad055599d48ed556b1a67825d36d6a256dd5a24cecaa4
rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443
rh-ruby30-ruby-libs-3.0.4-149.el7.s390x.rpm SHA-256: 199cfd8a5f8512734d156464bc25000b307a731965dad99a828d8151176c2ecb
rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.s390x.rpm SHA-256: ed9cc283f743336be65543258089e2d863025fdccfe4cf0cedd5fc3341e0a89f
rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa
rh-ruby30-rubygem-io-console-0.5.7-149.el7.s390x.rpm SHA-256: 4ecb11997d3aa198c6d73a06bd6371cd700357b869c7d02c754b9df2b62bf24b
rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c
rh-ruby30-rubygem-json-2.5.1-149.el7.s390x.rpm SHA-256: 34a12ac371b0c3fbd7fddff396094e0dd1b04fe43c461f9a5f6ef2e23e331206
rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d
rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2
rh-ruby30-rubygem-psych-3.3.2-149.el7.s390x.rpm SHA-256: 0debf021bac6cc24a2db963f33092fb8a97da0b878978426267bc813320255b0
rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac
rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a
rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f
rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd
rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0
rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5
rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136
rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-ruby30-ruby-3.0.4-149.el7.src.rpm SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c
ppc64le
rh-ruby30-ruby-3.0.4-149.el7.ppc64le.rpm SHA-256: 5e6bb9e0d4aca5baf3d85ece86d691149f9df089d1263495fddfd28edf5cffe5
rh-ruby30-ruby-debuginfo-3.0.4-149.el7.ppc64le.rpm SHA-256: 8b49086b9640bcbc7335be8bca7543d321e0a81a23e2e90e4ed4e178d031cfc5
rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710
rh-ruby30-ruby-devel-3.0.4-149.el7.ppc64le.rpm SHA-256: 1c9da70261a5db7c6594e3e3525d2deab5159c35e96b2b08993cbeb8305c0238
rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443
rh-ruby30-ruby-libs-3.0.4-149.el7.ppc64le.rpm SHA-256: 12367ff2536bc7e71b94fb576fcbb5287129cfa721b9e7bf7750e90628bba9a5
rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.ppc64le.rpm SHA-256: 6f9b0b1ded5832cf1d4fbd876460b5346c544042283c732f12c62a11b7a736d9
rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa
rh-ruby30-rubygem-io-console-0.5.7-149.el7.ppc64le.rpm SHA-256: 78cc0dcdd23719841441e41ca15b8f31d2aa6ffb3c09d1707c1b73ff36b803df
rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c
rh-ruby30-rubygem-json-2.5.1-149.el7.ppc64le.rpm SHA-256: e0cf07935eabdcaf172146f67586a0c45cd60bfaf4772501a10e331d7f920ab5
rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d
rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2
rh-ruby30-rubygem-psych-3.3.2-149.el7.ppc64le.rpm SHA-256: 20776d94176b70de5aad5e7d5b1bcea6a33c38f8078d284a3b1ef92d9384ea50
rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac
rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a
rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f
rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd
rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0
rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5
rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136
rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-ruby30-ruby-3.0.4-149.el7.src.rpm SHA-256: b7ec6c7ecabd39f3364bcae1257d7fcce22597b48adc1273d1238d36ee566b5c
x86_64
rh-ruby30-ruby-3.0.4-149.el7.x86_64.rpm SHA-256: 620163dc82dbc9b17cb356a437c559467b9ebbd97d33e6d951cd58f67d089329
rh-ruby30-ruby-debuginfo-3.0.4-149.el7.x86_64.rpm SHA-256: 1c1becee8e0688ba251ab20b4f04e708ae87d1332aa1c339ab65856df52e6f07
rh-ruby30-ruby-default-gems-3.0.4-149.el7.noarch.rpm SHA-256: ccf554318e61464b6eda8408c16a1b8005f0765d8dc39a6d76e73d06d89a9710
rh-ruby30-ruby-devel-3.0.4-149.el7.x86_64.rpm SHA-256: 8e3c44c72ce6a68f88352872778b783a15408123a8045d0502a7605f86015b47
rh-ruby30-ruby-doc-3.0.4-149.el7.noarch.rpm SHA-256: 8348d300ff6b0f1ee2171a8f1d8c87551d9ab734d8f9468dcc5634c0754ae443
rh-ruby30-ruby-libs-3.0.4-149.el7.x86_64.rpm SHA-256: 748d82756a0993a166165b784c64ea0c997f86b00ead4c50cf750ccb141e897b
rh-ruby30-rubygem-bigdecimal-3.0.0-149.el7.x86_64.rpm SHA-256: a773c0aba303a71fc27030698cf66c59d7d4938cffa10fd9c6c66d6532139c6e
rh-ruby30-rubygem-bundler-2.2.33-149.el7.noarch.rpm SHA-256: 16da27d93ec2f61e92e82bf7342026204b5c42932616e3b5e31cc4d8d64b26aa
rh-ruby30-rubygem-io-console-0.5.7-149.el7.x86_64.rpm SHA-256: a69422b818f5dfb5c2da1978c1c1c185881e6cd57c8dcb6a6fcf4d3f20071d91
rh-ruby30-rubygem-irb-1.3.5-149.el7.noarch.rpm SHA-256: 1711976a180dde61ba5015c2fb45dd214dc6a87b6a5706b800dce654bb85ff0c
rh-ruby30-rubygem-json-2.5.1-149.el7.x86_64.rpm SHA-256: 77256d24fe58e5214c2182f87e19d0a644a4f2ef13f7dc99f727cadacc23e6af
rh-ruby30-rubygem-minitest-5.14.2-149.el7.noarch.rpm SHA-256: 4e1d513a7d9359fabca41577095a39645584d083e06a43e5ad5ab537d36d416d
rh-ruby30-rubygem-power_assert-1.2.0-149.el7.noarch.rpm SHA-256: 95d35e6ecd5f9c7dde75304d1a88bb687c7b743db72157a273e89dd7d71ed0c2
rh-ruby30-rubygem-psych-3.3.2-149.el7.x86_64.rpm SHA-256: e2f55831b6e63e85c0f35a69aab27acbf516a5f2efd7a0db85480917699b5e98
rh-ruby30-rubygem-rake-13.0.3-149.el7.noarch.rpm SHA-256: 880f6ac34758a0dd26d6ca5e81f4bfe1b25d2749611e0a1891249ca21063b7ac
rh-ruby30-rubygem-rbs-1.4.0-149.el7.noarch.rpm SHA-256: b2711b7ab2fe60ab997d4712d222d781f26e39a81f0db476c4b3a7956ec2a33a
rh-ruby30-rubygem-rexml-3.2.5-149.el7.noarch.rpm SHA-256: 9fc333ab0f5592d86738b7dc7d20bdeb1b8353250404d882dda01b7c1320e38f
rh-ruby30-rubygem-rss-0.2.9-149.el7.noarch.rpm SHA-256: 825199635a2273093c255489e1303c3a68f8e5d5107fba9403b9fb66384ceafd
rh-ruby30-rubygem-test-unit-3.3.7-149.el7.noarch.rpm SHA-256: 364e9ab21fa54a873cf0babb701cf885a508b59bb2b0430ff70ebec84431ead0
rh-ruby30-rubygem-typeprof-0.15.2-149.el7.noarch.rpm SHA-256: 374d365fdd0bb88d2af834b5728c435c8530595b755179a97ba973e6b74465a5
rh-ruby30-rubygems-3.2.33-149.el7.noarch.rpm SHA-256: 3e91d2300072655b64b71f342b45bef32666f7b4504a6381f2bc586128e25136
rh-ruby30-rubygems-devel-3.2.33-149.el7.noarch.rpm SHA-256: 7895bbdf93cd6bbfb4d7327c3adfb25d8c766fdea645eccdefd9984cc12e689f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.