RHSA-2018:0585: Important: rh-ruby23-ruby security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby23-ruby (2.3.6), rh-ruby23-rubygems (2.5.2.2), rh-ruby23-rubygem-json (1.8.3.1), rh-ruby23-rubygem-minitest (5.8.5), rh-ruby23-rubygem-psych (2.1.0.1). (BZ#1549649)

Security Fix(es):

* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
* rubygems: Arbitrary file overwrite due to incorrect validation of specification name (CVE-2017-0901)
* rubygems: DNS hijacking vulnerability (CVE-2017-0902)
* rubygems: Unsafe object deserialization through YAML formatted gem specifications (CVE-2017-0903)
* ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784)
* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
* rubygems: Escape sequence in the "summary" field of gemspec (CVE-2017-0899)
* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
* ruby: Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064)
* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2018:0585?
The severity of RHSA-2018:0585 is classified as important.
How do I fix RHSA-2018:0585?
To fix RHSA-2018:0585, you should upgrade to rh-ruby23-ruby version 2.3.6-67.el7 or later.
What packages are affected by RHSA-2018:0585?
The affected packages include rh-ruby23-ruby, rh-ruby23-rubygems, and their respective development and debuginfo versions.
Is there a workaround for RHSA-2018:0585?
There are no known workarounds for RHSA-2018:0585, so upgrading is recommended.
What is the release date for RHSA-2018:0585?
RHSA-2018:0585 was released on March 20, 2018.