Change-Id: I0f260165dae0acd3d9cf9c8e7f543fba5c0a3f6f
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4642
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Divya Thaluru <dthaluru@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,23 @@ |
0 |
+From 2267e0e785df88744f071957f62e0af4c91f4a1e Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Drigg3r <drigg3r@yandex.com> |
|
2 |
+Date: Tue, 19 Dec 2017 05:00:04 -0500 |
|
3 |
+Subject: [PATCH] Fixed command Injection |
|
4 |
+ |
|
5 |
+Command Injection in Hosts::new() by use of Kernel#open |
|
6 |
+--- |
|
7 |
+ lib/resolv.rb | 2 +- |
|
8 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
|
9 |
+ |
|
10 |
+diff --git a/lib/resolv.rb b/lib/resolv.rb |
|
11 |
+index 1044b95e6810..56183b837d81 100644 |
|
12 |
+--- a/lib/resolv.rb |
|
13 |
+@@ -188,7 +188,7 @@ def lazy_initialize # :nodoc: |
|
14 |
+ unless @initialized |
|
15 |
+ @name2addr = {} |
|
16 |
+ @addr2name = {} |
|
17 |
+- open(@filename, 'rb') {|f| |
|
18 |
++ File.open(@filename, 'rb') {|f| |
|
19 |
+ f.each {|line| |
|
20 |
+ line.sub!(/#.*/, '') |
|
21 |
+ addr, hostname, *aliases = line.split(/\s+/) |
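Review bot: The patch header (From, Date, Subject and the one-line description) never names CVE-2017-17790, so the link between `File.open(@filename, 'rb')` and the advisory lives only in the file name and the spec changelog. Because this file is carried downstream, a description line such as `CVE-2017-17790: Kernel#open treats a filename starting with "|" as a command to run` would keep that context with the patch. The change closes only the pipe-spawning path: `@filename` is still opened exactly as given, so callers that accept a hosts-file path from outside and hand it to `Resolv::Hosts.new` must still validate it themselves. The body of `lazy_initialize` continues past the displayed lines. The rendered hunk also shows 22 of the 23 lines announced in `@@ -0,0 +1,23 @@`, with no `+++ b/lib/resolv.rb` line after `--- a/lib/resolv.rb`; that is probably a rendering loss, but worth confirming in the raw file before relying on `%patch5 -p1`.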
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Ruby |
2 | 2 |
Name: ruby |
3 | 3 |
Version: 2.4.3 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
License: BSDL |
6 | 6 |
URL: https://www.ruby-lang.org/en/ |
7 | 7 |
Group: System Environment/Security |
... | ... |
@@ -14,6 +14,7 @@ Patch1: ruby-CVE-2017-9226.patch |
14 | 14 |
Patch2: ruby-CVE-2017-9227.patch |
15 | 15 |
Patch3: ruby-CVE-2017-9229.patch |
16 | 16 |
Patch4: ruby-CVE-2017-9228.patch |
17 |
+Patch5: ruby-CVE-2017-17790.patch |
|
17 | 18 |
BuildRequires: openssl-devel |
18 | 19 |
BuildRequires: ca-certificates |
19 | 20 |
BuildRequires: readline-devel |
... | ... |
@@ -33,6 +34,7 @@ This is useful for object-oriented scripting. |
33 | 33 |
%patch2 -p1 |
34 | 34 |
%patch3 -p1 |
35 | 35 |
%patch4 -p1 |
36 |
+%patch5 -p1 |
|
36 | 37 |
%build |
37 | 38 |
./configure \ |
38 | 39 |
--prefix=%{_prefix} \ |
... | ... |
@@ -63,6 +65,8 @@ rm -rf %{buildroot}/* |
63 | 63 |
%{_docdir}/%{name}-%{version} |
64 | 64 |
%{_mandir}/man1/* |
65 | 65 |
%changelog |
66 |
+* Fri Jan 12 2018 Xiaolin Li <xiaolinl@vmware.com> 2.4.3-2 |
|
67 |
+- Fix CVE-2017-17790 |
|
66 | 68 |
* Wed Jan 03 2018 Xiaolin Li <xiaolinl@vmware.com> 2.4.3-1 |
67 | 69 |
- Update to version 2.4.3, fix CVE-2017-17405 |
68 | 70 |
* Fri Sep 29 2017 Xiaolin Li <xiaolinl@vmware.com> 2.4.2-1 |