RHSA-2018:0583: Important: rh-ruby22-ruby security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4), rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1). (BZ#1549646)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
* rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
* rubygems: DNS hijacking vulnerability (CVE-2017-0902)
* rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
* ruby: DL::dlopen could open a library with tainted library name (CVE-2009-5147, CVE-2015-7551)
* rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)
* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What issues does RHSA-2018:0583 address?
RHSA-2018:0583 addresses the vulnerabilities listed above (command injection, buffer underruns, unsafe deserialization, escape sequence injection and related flaws in Ruby and RubyGems) and upgrades the rh-ruby22 Ruby packages in Red Hat Software Collections to later upstream versions.
How do I fix RHSA-2018:0583?
You can fix RHSA-2018:0583 by updating the affected rh-ruby22 packages to version 2.2.9-19.el7 or later using your package manager.
What versions of Ruby are affected by RHSA-2018:0583?
Affected versions include rh-ruby22-ruby versions prior to 2.2.9-19.el7.
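As an added example that is not part of the advisory, the following Ruby script decides whether an installed rh-ruby22-ruby package meets the 2.2.9-19.el7 fix level using an rpmvercmp-style segment comparison; the rpm query line and the comparison are simplifications made here (epoch and tilde ordering are ignored), not Red Hat's own tooling.

```ruby
# Added example (not from the advisory): decide whether the installed
# rh-ruby22-ruby package is at or above the fix level named in RHSA-2018:0583.
# Simplified rpmvercmp: epoch and '~' ordering are ignored (assumption).

FIXED_VR = "2.2.9-19.el7" # version-release from the advisory

# Compare two version (or release) strings the way rpm does: split into
# numeric and alphabetic segments, compare numerics numerically, alphas
# lexically, and rank a numeric segment above an alphabetic one.
def rpm_segment_cmp(a, b)
  sa = a.scan(/\d+|[A-Za-z]+/)
  sb = b.scan(/\d+|[A-Za-z]+/)
  sa.each_with_index do |x, i|
    y = sb[i]
    return 1 if y.nil? # a has extra segments after matching so far
    xn = x.match?(/\A\d+\z/)
    yn = y.match?(/\A\d+\z/)
    c = if xn && yn then x.to_i <=> y.to_i
        elsif xn then 1
        elsif yn then -1
        else x <=> y
        end
    return c unless c.zero?
  end
  sa.length <=> sb.length
end

# Compare "version-release" strings: version first, then release.
def evr_cmp(a, b)
  va, ra = a.split("-", 2)
  vb, rb = b.split("-", 2)
  c = rpm_segment_cmp(va, vb)
  c.zero? ? rpm_segment_cmp(ra.to_s, rb.to_s) : c
end

def advisory_applied?(installed_vr)
  evr_cmp(installed_vr, FIXED_VR) >= 0
end

if __FILE__ == $0
  # Query the installed package; a missing rpm binary or package counts as "not applied".
  out = `rpm -q --qf '%{VERSION}-%{RELEASE}' rh-ruby22-ruby 2>/dev/null` rescue ""
  if $?&.success? && advisory_applied?(out.strip)
    puts "rh-ruby22-ruby #{out.strip}: RHSA-2018:0583 applied"
  else
    puts "rh-ruby22-ruby not installed or below #{FIXED_VR}: update required"
  end
end
```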
What packages are included in the RHSA-2018:0583 advisory?
The advisory includes multiple packages: rh-ruby22-ruby, rh-ruby22-rubygems, and rh-ruby22-rubygem packages such as rh-ruby22-rubygem-psych and rh-ruby22-rubygem-json.
Is there any risk if I do not apply the updates from RHSA-2018:0583?
Failing to apply the updates from RHSA-2018:0583 leaves your system susceptible to the known vulnerabilities listed above in Ruby and RubyGems, several of which allow command injection or arbitrary code execution.