Hide Forgot
`TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Reference: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Created rubygem-tzinfo tracking bugs for this issue: Affects: epel-7 [bug 2110552]
This issue has been addressed in the following products: Red Hat Satellite 6.11 for RHEL 7 Red Hat Satellite 6.11 for RHEL 8 Via RHSA-2022:7242 https://access.redhat.com/errata/RHSA-2022:7242