Sicherheit: Ausführen beliebiger Kommandos in rubygem-mechanize
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in rubygem-mechanize
ID: FEDORA-2021-db8ebc547e
Distribution: Fedora
Plattformen: Fedora 33
Datum: Do, 11. Februar 2021, 16:35
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21289
Applikationen: rubygem-mechanize


Fedora Update Notification
2021-02-11 01:42:27.185780

Name : rubygem-mechanize
Product : Fedora 33
Version : 2.7.7
Release : 1.fc33
URL : http://mechanize.rubyforge.org/
Summary : A handy web browsing ruby object
Description :
The Mechanize library is used for automating interaction with websites.
Mechanize automatically stores and sends cookies, follows redirects,
can follow links, and submit forms. Form fields can be populated and
submitted. Mechanize also keeps track of the sites that you have
visited as a history.

Update Information:

New version 2.7.7 is released. Note that a security flaw was found on the
previous version which may allow OS commands' injection, which is now
as CVE-2021-21289 . This new rpm fixes this issue.

* Tue Feb 2 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.7.7-1
- 2.7.7
- Including fix for CVE-2021-21289
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> -
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 6 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.7.6-2
- Fix build failure

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-db8ebc547e' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Pro-Linux @Facebook
Neue Nachrichten