CVE-2016-2337

Related Files

Gentoo Linux Security Advisory 201710-18

Posted Oct 17, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-18 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.2.8 are affected.

tags | advisory, remote, arbitrary, vulnerability, ruby

systems | linux, gentoo

advisories | CVE-2016-2337, CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064

SHA-256 | 74182e2fa1de3051fe5a5e387c1c4a43e8c3561f268eef142677191cc11c3c11

Download | Favorite | View

Ubuntu Security Notice USN-3365-1

Posted Jul 25, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3365-1 - It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby

systems | linux, ubuntu

advisories | CVE-2009-5147, CVE-2015-1855, CVE-2015-7551, CVE-2015-9096, CVE-2016-2337, CVE-2016-2339, CVE-2016-7798

SHA-256 | d9c893a22d5c169a8dba5385ae2f48c95bb57c3652df1066df59f1b32a5c6be2

Download | Favorite | View