Synopsis: Important: ruby security update
Advisory ID:       SLSA-2019:1235-1
Issue Date:        2019-05-15
CVE Numbers:       CVE-2019-8322
                   CVE-2019-8323
                   CVE-2019-8324
                   CVE-2019-8325
--

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code
execution (CVE-2019-8324)

* rubygems: Escape sequence injection vulnerability in gem owner
(CVE-2019-8322)

* rubygems: Escape sequence injection vulnerability in API response
handling (CVE-2019-8323)

* rubygems: Escape sequence injection vulnerability in errors
(CVE-2019-8325)
--

SL7
  x86_64
    ruby-2.0.0.648-35.el7_6.x86_64.rpm
    ruby-debuginfo-2.0.0.648-35.el7_6.i686.rpm
    ruby-debuginfo-2.0.0.648-35.el7_6.x86_64.rpm
    ruby-libs-2.0.0.648-35.el7_6.i686.rpm
    ruby-libs-2.0.0.648-35.el7_6.x86_64.rpm
    rubygem-bigdecimal-1.2.0-35.el7_6.x86_64.rpm
    rubygem-io-console-0.4.2-35.el7_6.x86_64.rpm
    rubygem-json-1.7.7-35.el7_6.x86_64.rpm
    rubygem-psych-2.0.0-35.el7_6.x86_64.rpm
    ruby-devel-2.0.0.648-35.el7_6.x86_64.rpm
    ruby-tcltk-2.0.0.648-35.el7_6.x86_64.rpm
    ruby-2.0.0.648-35.el7_6.src.rpm
  noarch
    ruby-irb-2.0.0.648-35.el7_6.noarch.rpm
    rubygem-rdoc-4.0.0-35.el7_6.noarch.rpm
    rubygems-2.0.14.1-35.el7_6.noarch.rpm
    ruby-doc-2.0.0.648-35.el7_6.noarch.rpm
    rubygem-minitest-4.3.2-35.el7_6.noarch.rpm
    rubygem-rake-0.9.6-35.el7_6.noarch.rpm
    rubygems-devel-2.0.14.1-35.el7_6.noarch.rpm

- Scientific Linux Development Team