[CLSA-2026:1778257532] Fix CVE(s): CVE-2021-43809
Type:
security
Severity:
Important
Release date:
2026-05-08 16:25:40 UTC
Description:
* SECURITY UPDATE: Bundler argument injection via leading-dash Gemfile git URL - debian/patches/CVE-2021-43809.patch: insert "--" end-of-options separator before configured_uri in the clone and fetch commands built by lib/bundler/source/git/git_proxy.rb (the override .txz ships Bundler 2.2.24, predating the fix in 2.2.33). The clone command also reorders args so all flags precede "--", matching the upstream PR #5142 idiom. - CVE-2021-43809
Updated packages:
  • alt-ruby27_2.7.8-3_amd64.deb
    sha:219c09594298ecd4ed41c3abf2e7756ce66ba298
  • alt-ruby27-default-gems_2.7.8-3_amd64.deb
    sha:60b6d6e0da9ac6f9ef92b5e415652d113537b0b6
  • alt-ruby27-devel_2.7.8-3_amd64.deb
    sha:b316616aca9482d1ed9d8c21946f689273476467
  • alt-ruby27-doc_2.7.8-3_amd64.deb
    sha:568750e9c7ac15b1c74cdab69f25ba0dbb69e283
  • alt-ruby27-libs_2.7.8-3_amd64.deb
    sha:3689b9c9315616205fcab0f23be8b10dd331d132
  • alt-ruby27-rubygem-bigdecimal_2.0.0-3_amd64.deb
    sha:57da9150963212df777173fe5de5efe105ea684f
  • alt-ruby27-rubygem-bundler_2.2.24-3_amd64.deb
    sha:83791fed36236b68a50aa4e4cab90a46fe02e589
  • alt-ruby27-rubygem-io-console_0.5.6-3_amd64.deb
    sha:ed93a4a263b64db87958f34830fd4278120e18ae
  • alt-ruby27-rubygem-irb_1.2.6-3_amd64.deb
    sha:1c4d98eee2b82b018e1dae01660a3db83c8298b7
  • alt-ruby27-rubygem-json_2.3.0-3_amd64.deb
    sha:16736090abfdb6b17f3f18fdc630cc474e86e370
  • alt-ruby27-rubygem-minitest_5.13.0-3_amd64.deb
    sha:b2ba40d13c111d0161652eafb911fe2b939d1331
  • alt-ruby27-rubygem-net-telnet_0.2.0-3_amd64.deb
    sha:5cf5e64b89cfe0eea2322d4ec10c799691a9e97b
  • alt-ruby27-rubygem-power-assert_1.1.7-3_amd64.deb
    sha:fdfa59faf8f0a793e7c37c4fee1eb32c629a7182
  • alt-ruby27-rubygem-psych_3.1.0-3_amd64.deb
    sha:e136ea339f84f18e2d6441e70975324d69ed9a41
  • alt-ruby27-rubygem-rake_13.0.1-3_amd64.deb
    sha:930f96701c645465776839b0e04e8d60018a437c
  • alt-ruby27-rubygem-rdoc_6.2.1.1-3_amd64.deb
    sha:83dfded128e74bf2806ae0ea63c1cee0af793cfd
  • alt-ruby27-rubygem-test-unit_3.3.4-3_amd64.deb
    sha:a9dafe0e5c3060aae04edc9c47bf1cae5de1c6cf
  • alt-ruby27-rubygem-typeprof_2.7.8-3_amd64.deb
    sha:a8f79f4cecee5aa77ecdbec9cbfb561c27423725
  • alt-ruby27-rubygem-xmlrpc_0.3.0-3_amd64.deb
    sha:10789df708273148e2cb8fa72dc7fea1e1ebc42e
  • alt-ruby27-rubygems_3.1.6-3_amd64.deb
    sha:0d79b88023ea4efbc73b9543ea4a21f26a86bf4d
  • alt-ruby27-rubygems-devel_3.1.6-3_amd64.deb
    sha:4ae49630c537e1df0403545e1efae77e9526ae87
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.