RHSA-2022:6855: Moderate: rh-ruby30-ruby security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby30-ruby (3.0.4). (BZ#2128628)

Security Fix(es):

* ruby: buffer overflow in CGI.escapehtml (CVE-2021-41816)
* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
* Ruby: Double free in Regexp compilation (CVE-2022-28738)
* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* rh-ruby30 ruby: User-installed rubygems plugins are not being loaded (BZ#2128629)
Frequently Asked Questions
What is the severity of RHSA-2022:6855?
The severity of RHSA-2022:6855 is classified as moderate.
How do I fix RHSA-2022:6855?
You can fix RHSA-2022:6855 by upgrading to the patched version 3.0.4-149.el7 of the affected packages.
What are the affected packages in RHSA-2022:6855?
The affected packages in RHSA-2022:6855 include rh-ruby30-ruby, rh-ruby30-ruby-devel, and several rh-ruby30-rubygem packages.
Is RHSA-2022:6855 a critical vulnerability?
No, RHSA-2022:6855 is not a critical vulnerability; it is rated as moderate.
What platforms are impacted by RHSA-2022:6855?
RHSA-2022:6855 impacts Red Hat Enterprise Linux 7 systems that use the affected rh-ruby30 Ruby packages.
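A check an administrator can run to confirm the fix for this advisory is installed, added here as an example and not part of the advisory itself: it queries rpm for the installed rh-ruby30-ruby version-release and compares it against 3.0.4-149.el7 using a reimplementation of rpm's segment-wise version comparison. It assumes an RPM-based RHEL 7 host and that the package carries no epoch; the `rpm` wrapper and the `is_patched` helper are the example's own names.

```python
import re
import subprocess

# Fixed version-release for rh-ruby30-ruby on RHEL 7 per RHSA-2022:6855.
FIXED_VR = "3.0.4-149.el7"

# rpm splits version strings into runs of digits and runs of letters;
# every other character is a separator.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings like rpm's rpmvercmp.
    Numeric segments compare as integers, alphabetic ones as strings, and a
    numeric segment sorts after an alphabetic one. Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1
        if xd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def is_patched(installed_vr: str, fixed_vr: str = FIXED_VR) -> bool:
    """True when 'version-release' is at or above the advisory's fixed build.
    Epoch is assumed absent (not part of the comparison)."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    c = rpmvercmp(iv, fv)
    if c == 0:
        c = rpmvercmp(ir, fr)
    return c >= 0


def installed_version(pkg: str = "rh-ruby30-ruby"):
    """Return the installed 'version-release' from rpm, or None if absent."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", pkg],
                             capture_output=True, text=True)
    except FileNotFoundError:  # not an RPM-based host
        return None
    return out.stdout.strip() if out.returncode == 0 else None


if __name__ == "__main__":
    vr = installed_version()
    status = "not installed" if vr is None else (
        f"{vr}: {'patched' if is_patched(vr) else 'VULNERABLE (below ' + FIXED_VR + ')'}")
    print(f"rh-ruby30-ruby {status}")
```

Run it on each RHEL 7 host with the rh-ruby30 software collection; a build below 3.0.4-149.el7 is still exposed to the five CVEs listed above.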