[CLSA-2026:1778257245] Fix CVE(s): CVE-2021-43809
Type:
security
Severity:
Important
Release date:
2026-05-08 16:20:53 UTC
Description:
* SECURITY UPDATE: Bundler argument injection via leading-dash Gemfile git URL - debian/patches/CVE-2021-43809.patch: insert "--" end-of-options separator before configured_uri in the clone and fetch commands built by lib/bundler/source/git/git_proxy.rb (the override .txz ships Bundler 2.2.24, predating the fix in 2.2.33). The clone command also reorders args so all flags precede "--", matching the upstream PR #5142 idiom. - CVE-2021-43809
Updated packages:
  • alt-ruby27_2.7.8-3_amd64.deb
    sha:1c3daf4676ff24740d28f9d83f308c625256315f
  • alt-ruby27-default-gems_2.7.8-3_amd64.deb
    sha:9a678b9cd121ec172ee934f885b45313cbe7d695
  • alt-ruby27-devel_2.7.8-3_amd64.deb
    sha:e7d53bdc698da25889bd163f3bc7c71b7e1be1ee
  • alt-ruby27-doc_2.7.8-3_amd64.deb
    sha:24785aecbde1970c9568359f486a8b3e86703b8b
  • alt-ruby27-libs_2.7.8-3_amd64.deb
    sha:4e79fed3f80a05ee06409821be74ed976efe3062
  • alt-ruby27-rubygem-bigdecimal_2.0.0-3_amd64.deb
    sha:a975c85ca8a559bb28aa8aa7b99da7c46de9aeef
  • alt-ruby27-rubygem-bundler_2.2.24-3_amd64.deb
    sha:e55795fe04936d4efd1ca7a9a49025f2cd580dd3
  • alt-ruby27-rubygem-io-console_0.5.6-3_amd64.deb
    sha:2f96844ac311eab114ce3eca74bb25e24393e6a5
  • alt-ruby27-rubygem-irb_1.2.6-3_amd64.deb
    sha:e1d42d0526115e5ac136619277018bfd7de63f46
  • alt-ruby27-rubygem-json_2.3.0-3_amd64.deb
    sha:efa66add3df3d3b82b0378cf7e5e7633f2f3acb1
  • alt-ruby27-rubygem-minitest_5.13.0-3_amd64.deb
    sha:7d46b0c0c19cc8f4b5ff9a360ea37a9fd1982ded
  • alt-ruby27-rubygem-net-telnet_0.2.0-3_amd64.deb
    sha:17d42eaf8328cac0822cd594b118f279aa638965
  • alt-ruby27-rubygem-power-assert_1.1.7-3_amd64.deb
    sha:3760771f8b709f267f00d6975f0e1c3af857e79e
  • alt-ruby27-rubygem-psych_3.1.0-3_amd64.deb
    sha:926f74ce8edbec9af0430293e2628c51303ff630
  • alt-ruby27-rubygem-rake_13.0.1-3_amd64.deb
    sha:e5a4cdda15a826d7361eb2d2241fdf91e392d299
  • alt-ruby27-rubygem-rdoc_6.2.1.1-3_amd64.deb
    sha:684becb08841d5d0d8c170bd60b7e91aed88b2ab
  • alt-ruby27-rubygem-test-unit_3.3.4-3_amd64.deb
    sha:ca51977c51ddf4cbe5ad2e54c6a25cfc90fbea4a
  • alt-ruby27-rubygem-typeprof_2.7.8-3_amd64.deb
    sha:afd67baaf3d08dd76ad6cebaac2d3645263ac3cb
  • alt-ruby27-rubygem-xmlrpc_0.3.0-3_amd64.deb
    sha:edc2bcdb1743195c225755a8f98ae072f66214f7
  • alt-ruby27-rubygems_3.1.6-3_amd64.deb
    sha:f0d018822eda1316c1cb78afd46977e6619f5c5d
  • alt-ruby27-rubygems-devel_3.1.6-3_amd64.deb
    sha:5931a67f404748863d8582be1a16846893f21443
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.