what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 5066-1

Debian Security Advisory 5066-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.

tags | advisory, denial of service, arbitrary, vulnerability, imap, info disclosure, ruby
systems | linux, debian
advisories | CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819
SHA-256 | 06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9

Debian Security Advisory 5066-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5066-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 03, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.5
CVE ID : CVE-2021-28965 CVE-2021-31799 CVE-2021-31810
CVE-2021-41817 CVE-2021-41819 CVE-2021-32066

Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result on result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.

For the oldstable distribution (buster), these problems have been fixed
in version 2.5.5-3+deb10u4.

We recommend that you upgrade your ruby2.5 packages.

For the detailed security status of ruby2.5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH8KnkACgkQEMKTtsN8
TjbjRQ//fxv67xTROanUJfCRvAX1xWjQufJCKgs+hto3kvSdm/ONMVQNXqk4PxeH
Rm3lYbjz9b4Phc2jLUcO56AHX8eAY+ukiSg5Vy/gNxzGo8jgciIqSs2UpJO8CYW3
EIqKGf2uM7CgTh8ufjqtC1udxoD2TYyw1EkFwFHYYVmIlKNXW8ZBU6AdBCvz6hn5
MyiBjtf8DHXTP43SjEmDA9tRC4cQiKXkrcDdcGqyuesUUgX3y/u5Le1y2KdMhsnW
jv9X75YFcHHIrgT3zHKv5hPeLk0EpkD/llEiWyQzXe3YgAd7u6pe37m7HR51YlNR
+36gV0g0zHoOA5ODsPqDEBwDQl97Y/6R7rGCYgZ13b0zBNURUWSRIhrvEpgJoVoC
lEnGcq9B67oldYVi8cpfQ07rBjbRLPNmiVFZytG/V1/kXrM6HTYLha5/hj8s4NXA
N3P4eBmZAANzQRoKDB94ItghbzdfZb2OlH+3LICJikVsAwWjA0vxgCO9MHrX6Amn
n8+9Hgly+n2RZuCKu1gaOeORrESNNUj9CzUEXTUpoOStSbEdGSkjW2gMkTf1QhlL
1X4J6tCm7Gl9dmwSinIFRlCcnLcJb6fTUSwvPMWAuy2rVSvfbGlWuq0xT5txMP8x
b8p3aXahA1elN1Y253UzBvcnaJS0EigTgJZz2loUoV4GyEWD624=
=GDTs
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close