new file mode 100644

@@ -0,0 +1,23 @@

+From 2267e0e785df88744f071957f62e0af4c91f4a1e Mon Sep 17 00:00:00 2001

+From: Drigg3r <drigg3r@yandex.com>

+Date: Tue, 19 Dec 2017 05:00:04 -0500

+Subject: [PATCH] Fixed command Injection

+

+Command Injection in Hosts::new() by use of Kernel#open

+---

+ lib/resolv.rb | 2 +-

+ 1 file changed, 1 insertion(+), 1 deletion(-)

+

+diff --git a/lib/resolv.rb b/lib/resolv.rb

+index 1044b95e6810..56183b837d81 100644

+--- a/lib/resolv.rb

+@@ -188,7 +188,7 @@ def lazy_initialize # :nodoc:

+         unless @initialized

+           @name2addr = {}

+           @addr2name = {}

+-          open(@filename, 'rb') {|f|

++          File.open(@filename, 'rb') {|f|

+             f.each {|line|

+               line.sub!(/#.*/, '')

+               addr, hostname, *aliases = line.split(/\s+/)

@@ -1,7 +1,7 @@

 Summary:        Ruby

 Name:           ruby

 Version:        2.4.3

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        BSDL

 URL:            https://www.ruby-lang.org/en/

 Group:          System Environment/Security

@@ -14,6 +14,7 @@ Patch1:         ruby-CVE-2017-9226.patch

 Patch2:         ruby-CVE-2017-9227.patch

 Patch3:         ruby-CVE-2017-9229.patch

 Patch4:         ruby-CVE-2017-9228.patch

+Patch5:         ruby-CVE-2017-17790.patch

 BuildRequires:  openssl-devel

 BuildRequires:  ca-certificates

 BuildRequires:  readline-devel

@@ -33,6 +34,7 @@ This is useful for object-oriented scripting.

 %patch2 -p1

 %patch3 -p1

 %patch4 -p1

+%patch5 -p1

 %build

 ./configure \

     --prefix=%{_prefix}   \

@@ -63,6 +65,8 @@ rm -rf %{buildroot}/*

 %{_docdir}/%{name}-%{version}

 %{_mandir}/man1/*

 %changelog

+*   Fri Jan 12 2018 Xiaolin Li <xiaolinl@vmware.com> 2.4.3-2

+-   Fix CVE-2017-17790

 *   Wed Jan 03 2018 Xiaolin Li <xiaolinl@vmware.com> 2.4.3-1

 -   Update to version 2.4.3, fix CVE-2017-17405

 *   Fri Sep 29 2017 Xiaolin Li <xiaolinl@vmware.com> 2.4.2-1