openEuler-SA-2021-1420: rubygem-excon security update

Title: An update for rubygem-excon is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Document type: Security Advisory
Publisher: openEuler security committee (openeuler-security@openeuler.org)
Status: Final
Version: 1.0
Revision history: 1.0, 2021-11-05, Initial
Release date: 2021-11-05
Generator: openEuler SA Tool V1.0, 2021-11-05

Description: EXtended http(s) CONnections.

Security Fix(es):

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. (CVE-2019-16779)

Topic: openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: Medium
Affected component: rubygem-excon

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1420
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2019-16779
https://nvd.nist.gov/vuln/detail/CVE-2019-16779

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

Packages:
noarch: rubygem-excon-0.62.0-3.oe1.noarch.rpm
noarch: rubygem-excon-help-0.62.0-3.oe1.noarch.rpm
src: rubygem-excon-0.62.0-3.oe1.src.rpm

Vulnerability: CVE-2019-16779
Release date: 2021-11-05
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2
Severity: Medium
CVSS base score: 5.9
CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Remediation: rubygem-excon security update, 2021-11-05
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1420