Amazon Linux 1 Security Advisory: ALAS-2020-1426
Advisory Release Date: 2020-08-26 23:10 Pacific
Advisory Updated Date: 2020-08-31 20:33 Pacific
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. (CVE-2020-10663)
Affected Packages:
ruby19, ruby21
Issue Correction:
Run yum update ruby19 to update your system.
Run yum update ruby21 to update your system.
i686:
ruby21-libs-2.1.9-1.23.amzn1.i686
rubygem21-io-console-0.4.3-1.23.amzn1.i686
ruby21-2.1.9-1.23.amzn1.i686
rubygem21-bigdecimal-1.2.4-1.23.amzn1.i686
ruby21-devel-2.1.9-1.23.amzn1.i686
ruby21-debuginfo-2.1.9-1.23.amzn1.i686
rubygem21-psych-2.0.5-1.23.amzn1.i686
ruby19-debuginfo-1.9.3.551-33.71.amzn1.i686
ruby19-1.9.3.551-33.71.amzn1.i686
rubygem19-bigdecimal-1.1.0-33.71.amzn1.i686
ruby19-doc-1.9.3.551-33.71.amzn1.i686
ruby19-libs-1.9.3.551-33.71.amzn1.i686
rubygem19-json-1.5.5-33.71.amzn1.i686
ruby19-devel-1.9.3.551-33.71.amzn1.i686
rubygem19-io-console-0.3-33.71.amzn1.i686
noarch:
rubygems21-2.2.5-1.23.amzn1.noarch
ruby21-irb-2.1.9-1.23.amzn1.noarch
ruby21-doc-2.1.9-1.23.amzn1.noarch
rubygems21-devel-2.2.5-1.23.amzn1.noarch
rubygem19-rake-0.9.2.2-33.71.amzn1.noarch
rubygem19-minitest-2.5.1-33.71.amzn1.noarch
rubygems19-1.8.23.2-33.71.amzn1.noarch
ruby19-irb-1.9.3.551-33.71.amzn1.noarch
rubygems19-devel-1.8.23.2-33.71.amzn1.noarch
rubygem19-rdoc-3.9.5-33.71.amzn1.noarch
src:
ruby21-2.1.9-1.23.amzn1.src
ruby19-1.9.3.551-33.71.amzn1.src
x86_64:
ruby21-devel-2.1.9-1.23.amzn1.x86_64
ruby21-2.1.9-1.23.amzn1.x86_64
ruby21-debuginfo-2.1.9-1.23.amzn1.x86_64
rubygem21-io-console-0.4.3-1.23.amzn1.x86_64
rubygem21-psych-2.0.5-1.23.amzn1.x86_64
rubygem21-bigdecimal-1.2.4-1.23.amzn1.x86_64
ruby21-libs-2.1.9-1.23.amzn1.x86_64
rubygem19-bigdecimal-1.1.0-33.71.amzn1.x86_64
rubygem19-io-console-0.3-33.71.amzn1.x86_64
ruby19-debuginfo-1.9.3.551-33.71.amzn1.x86_64
ruby19-1.9.3.551-33.71.amzn1.x86_64
ruby19-libs-1.9.3.551-33.71.amzn1.x86_64
ruby19-doc-1.9.3.551-33.71.amzn1.x86_64
ruby19-devel-1.9.3.551-33.71.amzn1.x86_64
rubygem19-json-1.5.5-33.71.amzn1.x86_64
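
To confirm that a host has picked up the update, the check below is an added example (not part of the original advisory). It treats the package builds listed in this advisory as the fixed versions and flags anything older. The function names, the subset of packages in the table and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed builds copied from this advisory's package list, as "name version-release".
FIXED='ruby19 1.9.3.551-33.71.amzn1
ruby19-libs 1.9.3.551-33.71.amzn1
rubygem19-json 1.5.5-33.71.amzn1
ruby21 2.1.9-1.23.amzn1
ruby21-libs 2.1.9-1.23.amzn1'

# Constructed sample input (not taken from a real host), same format as FIXED.
SAMPLE='ruby19 1.9.3.551-33.70.amzn1
ruby21 2.1.9-1.23.amzn1
rubygem19-json 1.5.5-33.71.amzn1
examplepkg 1.0-1.amzn1'

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU "sort -V" is close enough to rpm's ordering for these
# version strings; it is not a full rpmvercmp implementation.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_alas_2020_1426: reads "name version-release" lines on stdin, prints one
# OK/VULNERABLE line per package found in FIXED, ignores everything else.
# Returns 1 if any listed package is older than its fixed build, else 0.
check_alas_2020_1426() {
    rc=0
    while read -r name evr; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue    # package is not covered by the table
        if ver_lt "$evr" "$fixed"; then
            echo "VULNERABLE $name $evr (fixed in $fixed)"
            rc=1
        else
            echo "OK $name $evr"
        fi
    done
    return $rc
}

# On a real host, feed it the installed packages:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'ruby*' | check_alas_2020_1426
```

A non-zero exit status means at least one listed package still needs the `yum update` shown under Issue Correction.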