Security Vulnerabilities fixed in ruby RHSA-2021:2584

description-logoDescription

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999) Security Fix(es): ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): Resolv::DNS: ruby:2.7/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhel-8] (BZ#1952000) SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

affected-products-logoAffected Applications

ruby