ALAS-2020-1384


Amazon Linux AMI Security Advisory: ALAS-2020-1384
Advisory Release Date: 2020-06-23 06:05 Pacific
Advisory Updated Date: 2020-06-26 04:47 Pacific
Severity: Medium
References: CVE-2020-8130 

Issue Overview:

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. (CVE-2020-8130 )


Affected Packages:

rubygem-rake


Issue Correction:
Run yum update rubygem-rake to update your system.

New Packages:
noarch:
    rubygem21-rake-doc-10.4.2-1.48.amzn1.noarch
    rubygem20-rake-10.4.2-1.48.amzn1.noarch
    rubygem23-rake-10.4.2-1.48.amzn1.noarch
    rubygem21-rake-10.4.2-1.48.amzn1.noarch
    rubygem22-rake-doc-10.4.2-1.48.amzn1.noarch
    rubygem23-rake-doc-10.4.2-1.48.amzn1.noarch
    rubygem22-rake-10.4.2-1.48.amzn1.noarch
    rubygem20-rake-doc-10.4.2-1.48.amzn1.noarch

src:
    rubygem-rake-10.4.2-1.48.amzn1.src