Ruby Gems Bundled Version

Janis Dean

07 Mar, 2018 05:17 PM

Good Afternoon - I am working on remediating vulnerabilities. I am not a tech person. I am just merely tracking the success of our remediation program. We have many Ruby Gem vulnerabilities. This is what I have been told.

We will be patching Ruby gems as part of our Linux patching once the patch is available. There is not currently a patch for the QID in question. It is estimated to be released in the next month or two. We will be filing an exception for these.

One important point of clarification: We will only be patching the Ruby gems package that was provided by Red Hat. If an app has Ruby gems bundled as part of its installation, we will not be patching it.

If you run the list rubygems on the server with a Red Hat provided package you will see this:

Installed Packages
rubygems.noarch @nw-rhel7-x86_64-sat5

That tells me it was installed via the nationwide satellite server from the RHEL 7 channel. If this returns nothing, and rubygems is still detected as a vulnerability on the server, it is application bundled gems and we will not be patching it.

My question to you is: Is there a patch for bundled Ruby Gems?

  1. Support Staff 1 Posted by kerrizor on 08 Mar, 2018 04:21 PM

    Thanks for contacting us. I don't believe that is involved in directly maintaining the contents of the Red Hat packaging of Ruby (details on the package found here: so I'm afraid that I don't have any insight to offer you, other than to note that based on the dates in the changelog for that package, the newest being March 2017, individual items in the package quite certainly have newer releases. That said, we only offer support for, bundler, and associated tools and APIs, not for the 3rd party package put together by Red Hat.

  2. kerrizor closed this discussion on 08 Mar, 2018 04:21 PM.
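
The check described in the original question, generalized as an added example (not part of the thread and not code from RubyGems or Red Hat): it finds every copy of `rubygems.rb` under a directory and asks the RPM database which package, if any, owns it, so copies that OS patching will not touch are listed explicitly. Using `rpm -qf` as the ownership query and `rubygems.rb` as the marker of a RubyGems copy are assumptions of this example; `OWNER_QUERY` and the function names are hypothetical.

```shell
#!/bin/sh
# Inventory RubyGems copies on a host and separate the ones owned by an
# installed RPM (covered by OS patching) from the ones shipped inside an
# application (not covered, must be tracked with the application owner).

# Command used to ask which package owns a file. Assumption: `rpm -qf`,
# which exits non-zero when no installed package owns the path.
OWNER_QUERY=${OWNER_QUERY:-"rpm -qf"}

# classify_rubygems ROOT
# Prints one tab-separated line per rubygems.rb found under ROOT:
#   <os-package|app-bundled>  <owning package or ->  <path>
classify_rubygems() {
    root=$1
    # -xdev keeps the search on one filesystem (skips network mounts, /proc).
    find "$root" -xdev -type f -name rubygems.rb 2>/dev/null | sort |
    while IFS= read -r path; do
        if owner=$($OWNER_QUERY "$path" 2>/dev/null); then
            printf 'os-package\t%s\t%s\n' "$owner" "$path"
        else
            printf 'app-bundled\t-\t%s\n' "$path"
        fi
    done
}

# count_bundled ROOT
# Prints how many copies under ROOT are not owned by any package, i.e. the
# findings that will remain open after the OS package is patched.
count_bundled() {
    classify_rubygems "$1" |
        awk -F'\t' '$1 == "app-bundled" { n++ } END { print n + 0 }'
}

# Stand-alone use: ./rubygems_inventory.sh /   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    classify_rubygems "$1"
fi
```

Each `app-bundled` path points at the application directory that ships its own Ruby, which identifies who has to supply the fix for that copy.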
