what you don't know can hurt you

Debian Security Advisory 4259-1

Debian Security Advisory 4259-1
Posted Aug 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4259-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure.

tags | advisory, web, vulnerability, info disclosure, ruby
systems | linux, debian
advisories | CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780
MD5 | a76e5483b8c8bfad98c37d0bb78f7568

Debian Security Advisory 4259-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4259-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.3
CVE ID : CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914
CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075
CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078
CVE-2018-1000079

Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may result in incorrect processing of HTTP/FTP,
directory traversal, command injection, unintended socket creation or
information disclosure.

This update also fixes several issues in RubyGems which could allow an
attacker to use specially crafted gem files to mount cross-site scripting
attacks, cause denial of service through an infinite loop, write arbitrary
files, or run malicious code.

For the stable distribution (stretch), these problems have been fixed in
version 2.3.3-1+deb9u3.

We recommend that you upgrade your ruby2.3 packages.

For the detailed security status of ruby2.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltg1O8ACgkQEMKTtsN8
TjbbOg/+JRn/qERSOsiv+/IGd8jr9VMnggz12SM5A35cWsH/Z1UkuioW0BrwKCCy
syrYIPvcWXgsbe5IJ84uZEWR141+riBX4/yIURnjjjbddUZ8SwvwzfTPikhzg70R
1EzMG9GELcuhZk/Qo03wz6o7WrUt6tvgO3xHfQnxnpD/XANcaFfqZGay34OIXan7
rMNiAWxptS5A2wOcvQkv9uPeVPW4RP0u5eG3/89/X7ZC+24B79CMkXXrS/1prkFv
b8aIbXWpJ3fg/7gcxzmfzx0nk6ClfIUgUARKz7tAPqYCA+2CA0U1GqWTPN0fZhPn
BHK2UOTYzck0h8kcVzKnWrmh1SmYcoXbIH0nOXhnnz4WagCsfwMS15v/u6Bmk1Q0
80OHYQGjEU0T7rm3X5Bl/OVI3PPPxrbsRB8yDRWrlGjupqMqE5AD6+KKBr1JOPq3
x6srY9dvNLd7hf/O43bxAsYbZ+H+IILxUH3NfOHI3aDcZjHOUslRwpzegeTwT+4C
Mb9ZGIRMXPUNH2FNV33L4JDK5ckVvEVPrXfDwHdGdlAWzzqWyJksRReaFZWbjg8w
MNQ9uaOOwf9NnzYhda4rmHGVDhJhKkr24msyjz/1Ana8/XEPtW0vwPkYAZECd7QE
K1Am0btPcCH8NakpxA/RlfPV1hbejjJ6N4QWmGksnEg3OPo4IgQ=
=7joH
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close