SB2022012209 - openEuler update for ruby

Main Vulnerability Database SB2022012209

SB2022012209 - openEuler update for ruby

Published: January 22, 2022

Security Bulletin ID SB2022012209

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Spoofing attack (CVE-ID: CVE-2021-41819)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in CGI::Cookie.parse. A remote attacker can spoof page content.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1497

Vulnerable Software

openEuler: 20.03 LTS SP1 - 20.03 LTS SP3
rubygem-did_you_mean: before 1.2.0-115
rubygems-devel: before 2.7.6-115
ruby-help: before 2.5.8-115
rubygems: before 2.7.6-115
rubygem-test-unit: before 3.2.7-115
rubygem-power_assert: before 1.1.1-115
rubygem-net-telnet: before 0.1.1-115
rubygem-xmlrpc: before 0.3.0-115
rubygem-minitest: before 5.10.3-115
ruby-irb: before 2.5.8-115
rubygem-rdoc: before 6.0.1.1-115
rubygem-rake: before 12.3.0-115
ruby-debuginfo: before 2.5.8-115
rubygem-io-console: before 0.4.6-115
ruby-debugsource: before 2.5.8-115
ruby-devel: before 2.5.8-115
rubygem-psych: before 3.0.2-115
rubygem-json: before 2.1.0-115
rubygem-bigdecimal: before 1.3.4-115
rubygem-openssl: before 2.1.2-115
ruby: before 2.5.8-115