what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 4259-1

Debian Security Advisory 4259-1
Posted Aug 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4259-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure.

tags | advisory, web, vulnerability, info disclosure, ruby
systems | linux, debian
advisories | CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780
SHA-256 | d33343f810ff24dbefc65b8198d9e85d3209de1850624590fe3b6563d70fab27

Debian Security Advisory 4259-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4259-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.3
CVE ID : CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914
CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075
CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078
CVE-2018-1000079

Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may result in incorrect processing of HTTP/FTP,
directory traversal, command injection, unintended socket creation or
information disclosure.

This update also fixes several issues in RubyGems which could allow an
attacker to use specially crafted gem files to mount cross-site scripting
attacks, cause denial of service through an infinite loop, write arbitrary
files, or run malicious code.

For the stable distribution (stretch), these problems have been fixed in
version 2.3.3-1+deb9u3.

We recommend that you upgrade your ruby2.3 packages.

For the detailed security status of ruby2.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltg1O8ACgkQEMKTtsN8
TjbbOg/+JRn/qERSOsiv+/IGd8jr9VMnggz12SM5A35cWsH/Z1UkuioW0BrwKCCy
syrYIPvcWXgsbe5IJ84uZEWR141+riBX4/yIURnjjjbddUZ8SwvwzfTPikhzg70R
1EzMG9GELcuhZk/Qo03wz6o7WrUt6tvgO3xHfQnxnpD/XANcaFfqZGay34OIXan7
rMNiAWxptS5A2wOcvQkv9uPeVPW4RP0u5eG3/89/X7ZC+24B79CMkXXrS/1prkFv
b8aIbXWpJ3fg/7gcxzmfzx0nk6ClfIUgUARKz7tAPqYCA+2CA0U1GqWTPN0fZhPn
BHK2UOTYzck0h8kcVzKnWrmh1SmYcoXbIH0nOXhnnz4WagCsfwMS15v/u6Bmk1Q0
80OHYQGjEU0T7rm3X5Bl/OVI3PPPxrbsRB8yDRWrlGjupqMqE5AD6+KKBr1JOPq3
x6srY9dvNLd7hf/O43bxAsYbZ+H+IILxUH3NfOHI3aDcZjHOUslRwpzegeTwT+4C
Mb9ZGIRMXPUNH2FNV33L4JDK5ckVvEVPrXfDwHdGdlAWzzqWyJksRReaFZWbjg8w
MNQ9uaOOwf9NnzYhda4rmHGVDhJhKkr24msyjz/1Ana8/XEPtW0vwPkYAZECd7QE
K1Am0btPcCH8NakpxA/RlfPV1hbejjJ6N4QWmGksnEg3OPo4IgQ=
=7joH
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close