{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2016-2337: Fix type confusion in _cancel_eval Ruby's TclTkIp class method\n to prevent arbitrary code execution\n- CVE-2017-9224: Fix stack out-of-bounds read in match_at() during regular\n expression searching\n- CVE-2017-9227: Fix stack out-of-bounds read in mbc_enc_len() and invalid\n pointer dereference in forward_search_range()\n- CVE-2017-9228: Fix heap out-of-bounds write in bitset_set_range() and\n parse_char_class() by initializing critical local variable", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos7els/advisories/2025/clsa-2025_1759222758.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1759222758", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1759222758" } ], "tracking": { "current_release_date": "2025-10-13T15:03:33Z", "generator": { "date": "2025-10-13T15:03:33Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1759222758", "initial_release_date": "2025-09-30T08:59:20Z", "revision_history": [ { "date": "2025-09-30T08:59:20Z", "number": "1", "summary": "Initial version" }, { "date": "2025-10-13T15:03:33Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "ruby: Fix of 4 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 7", "product": { "name": "Community Enterprise Operating System 7", "product_id": "CentOS-7", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "product_id": "rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-io-console@0.4.2-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "product_id": "rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-bigdecimal@1.2.0-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "product_id": "rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-psych@2.0.0-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_id": "ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby-devel@2.0.0.648-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_id": "ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby@2.0.0.648-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_id": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby-libs@2.0.0.648-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_id": "ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby-tcltk@2.0.0.648-39.el7_9.tuxcare.els11?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "product": { "name": "rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "product_id": "rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-json@1.7.7-39.el7_9.tuxcare.els11?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "product": { "name": "rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "product_id": "rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-rake@0.9.6-39.el7_9.tuxcare.els11?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "product": { "name": "rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "product_id": "rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-rdoc@4.0.0-39.el7_9.tuxcare.els11?arch=noarch" } } }, { "category": "product_version", "name": "ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "product": { "name": "ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "product_id": "ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby-doc@2.0.0.648-39.el7_9.tuxcare.els11?arch=noarch" } } }, { "category": "product_version", "name": "ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "product": { "name": "ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "product_id": "ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby-irb@2.0.0.648-39.el7_9.tuxcare.els11?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "product": { "name": "rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "product_id": "rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygem-minitest@4.3.2-39.el7_9.tuxcare.els11?arch=noarch" } } }, { "category": "product_version", "name": "rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "product": { "name": "rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "product_id": "rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygems-devel@2.0.14.1-39.el7_9.tuxcare.els11?arch=noarch" } } }, { "category": "product_version", "name": "rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "product": { "name": "rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "product_id": "rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/rubygems@2.0.14.1-39.el7_9.tuxcare.els11?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "product": { "name": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "product_id": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ruby-libs@2.0.0.648-39.el7_9.tuxcare.els11?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686" }, "product_reference": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64" }, "product_reference": "rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" }, "product_reference": "rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "relates_to_product_reference": "CentOS-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-9224", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-9224" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/101244", "url": "http://www.securityfocus.com/bid/101244" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:1296", "url": "https://access.redhat.com/errata/RHSA-2018:1296" }, { "category": "external", "summary": "https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b", "url": "https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b" }, { "category": "external", "summary": "https://github.com/kkos/oniguruma/issues/57", "url": "https://github.com/kkos/oniguruma/issues/57" } ], "release_date": "2017-05-24T15:29:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2016-2337", "notes": [ { "category": "description", "text": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2016-2337" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/91233", "url": "http://www.securityfocus.com/bid/91233" }, { "category": "external", "summary": "http://www.talosintelligence.com/reports/TALOS-2016-0031/", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201710-18", "url": "https://security.gentoo.org/glsa/201710-18" } ], "release_date": "2017-01-06T21:59:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2017-9227", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-9227" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/100538", "url": "http://www.securityfocus.com/bid/100538" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:1296", "url": "https://access.redhat.com/errata/RHSA-2018:1296" }, { "category": "external", "summary": "https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814", "url": "https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814" }, { "category": "external", "summary": "https://github.com/kkos/oniguruma/issues/58", "url": "https://github.com/kkos/oniguruma/issues/58" } ], "release_date": "2017-05-24T15:29:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2017-9228", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-9228" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:1296", "url": "https://access.redhat.com/errata/RHSA-2018:1296" }, { "category": "external", "summary": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b", "url": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b" }, { "category": "external", "summary": "https://github.com/kkos/oniguruma/issues/60", "url": "https://github.com/kkos/oniguruma/issues/60" } ], "release_date": "2017-05-24T15:29:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-7:ruby-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-devel-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-doc-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-irb-0:2.0.0.648-39.el7_9.tuxcare.els11.noarch", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.i686", "CentOS-7:ruby-libs-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:ruby-tcltk-0:2.0.0.648-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-bigdecimal-0:1.2.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-io-console-0:0.4.2-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-json-0:1.7.7-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-minitest-0:4.3.2-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-psych-0:2.0.0-39.el7_9.tuxcare.els11.x86_64", "CentOS-7:rubygem-rake-0:0.9.6-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygem-rdoc-0:4.0.0-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch", "CentOS-7:rubygems-devel-0:2.0.14.1-39.el7_9.tuxcare.els11.noarch" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] } ] }