[CLSA-2026:1778256925] Fix CVE(s): CVE-2021-43809
Type:
security
Severity:
Important
Release date:
2026-05-08 16:15:35 UTC
Description:
* SECURITY UPDATE: Bundler argument injection via leading-dash Gemfile git URL - debian/patches/CVE-2021-43809.patch: insert "--" end-of-options separator before configured_uri in the clone and fetch commands built by lib/bundler/source/git/git_proxy.rb (the override .txz ships Bundler 2.2.24, predating the fix in 2.2.33). The clone command also reorders args so all flags precede "--", matching the upstream PR #5142 idiom. - CVE-2021-43809
Updated packages:
  • alt-ruby27_2.7.8-3_amd64.deb
    sha:809afd75bca7b6054e78d74babea77d9388057e8
  • alt-ruby27-default-gems_2.7.8-3_amd64.deb
    sha:c805957312d7321b9bf8e2edc30b918b55b7d2e4
  • alt-ruby27-devel_2.7.8-3_amd64.deb
    sha:0803f2f96f52295d77513db242a072a9d0fc1e9f
  • alt-ruby27-doc_2.7.8-3_amd64.deb
    sha:afe990eea6867e07ffc5a8925df8e975c2192713
  • alt-ruby27-libs_2.7.8-3_amd64.deb
    sha:24fe605d853f86511ce802db2ac26178d524baa2
  • alt-ruby27-rubygem-bigdecimal_2.0.0-3_amd64.deb
    sha:897b2d72132915079626a8c18d6fd5ec35406e68
  • alt-ruby27-rubygem-bundler_2.2.24-3_amd64.deb
    sha:2b79e145b96813a86b7fada39a2ca08d30b4d39a
  • alt-ruby27-rubygem-io-console_0.5.6-3_amd64.deb
    sha:1fe26ed74aecd3b797f6c115066965a119a1ffe1
  • alt-ruby27-rubygem-irb_1.2.6-3_amd64.deb
    sha:659b84aa31de78486a3dcc5d66dd9b004ada18ae
  • alt-ruby27-rubygem-json_2.3.0-3_amd64.deb
    sha:096a4255710cd09580a4eba5fc08ef11ce6a0a51
  • alt-ruby27-rubygem-minitest_5.13.0-3_amd64.deb
    sha:24a8e4d1219e60f43595506fbc07775e8c4a9641
  • alt-ruby27-rubygem-net-telnet_0.2.0-3_amd64.deb
    sha:c50419cbb15c89f900e1a8be7784df59d14e579f
  • alt-ruby27-rubygem-power-assert_1.1.7-3_amd64.deb
    sha:415f37684669d94c799e44aeac256df169cbd2c8
  • alt-ruby27-rubygem-psych_3.1.0-3_amd64.deb
    sha:07115476559ea51158933ce8aa95996982752e45
  • alt-ruby27-rubygem-rake_13.0.1-3_amd64.deb
    sha:1c6b98114912d03922c3302e90e19ff61a258356
  • alt-ruby27-rubygem-rdoc_6.2.1.1-3_amd64.deb
    sha:aa65bc824bbee20164e5c63f72115f29d831bd95
  • alt-ruby27-rubygem-test-unit_3.3.4-3_amd64.deb
    sha:37a310595dae021f2104da80f3a03d214e42ad8d
  • alt-ruby27-rubygem-typeprof_2.7.8-3_amd64.deb
    sha:a9dfc68d5c5f812f149baca42599024c63f277d4
  • alt-ruby27-rubygem-xmlrpc_0.3.0-3_amd64.deb
    sha:01877d32de7f118d763cdff86eca6758bb6162a9
  • alt-ruby27-rubygems_3.1.6-3_amd64.deb
    sha:5cd4febabd78d9d4b0fe29de9ebdbcc33782f571
  • alt-ruby27-rubygems-devel_3.1.6-3_amd64.deb
    sha:4a531034deb4d80c8c0da4ba0a0b1c1852efe9c8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.