FEDORA-2018-dd8162c004 — security update for ruby

ruby-2.5.1-92.fc28

FEDORA-2018-dd8162c004 created by vondruch 2 years ago for Fedora 28

stable

Rebase to Ruby 2.5.1.
Several CVE fixes.
Conflict requirement needs to generate dependency.
Stop using --with-setjmp-type=setjmp on aarch64.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-dd8162c004

This update has been submitted for testing by vondruch.

2 years ago

This update has been pushed to testing.

2 years ago

cairo provided feedback 2 years ago

karma

kuosmanen commented & provided feedback 2 years ago

karma

looks good

pwalter commented & provided feedback 2 years ago

karma

Works

This update has been submitted for batched by bodhi.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

Builds

ruby-2.5.1-92.fc28

Settings

Unstable by Karma

-3

Stable by Karma

Dates

submitted

2 years ago

in testing

2 years ago

in stable

2 years ago

BZ#1545239 miniruby crashing when compiled with -O2 or -O1 on aarch64

BZ#1561487 Requires generator does not handle correctly dependencies such as "cookiejar != 0.3.1"

BZ#1561817 ruby-2.5.1 is available

BZ#1561947 CVE-2018-6914 ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir

BZ#1561948 CVE-2018-8779 ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

BZ#1561949 CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir

BZ#1561950 CVE-2018-8777 ruby: DoS by large request in WEBrick

BZ#1561952 CVE-2017-17742 ruby: HTTP response splitting in WEBrick

BZ#1561953 CVE-2018-8778 ruby: Buffer under-read in String#unpack

BZ#1561957 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 ruby: various flaws [fedora-all]

ruby-2.5.1-92.fc28

How to install

Automated Test Results