Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
e7a582a1d121ff1533a65726ffe5c500c137492e966e1ec7c0aec8d1c81203b7Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
60f255fcb7dd889a143694b47735ea1ee2e3231d8c3486947620ea6096bc226bRed Hat Security Advisory 2018-0585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych. Issues addressed include a code execution vulnerability.
32edc7a8e98876134eade824682c38c4747c8ccb99d1f61ad5768f31b8e2a899Red Hat Security Advisory 2018-0583-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby, rh-ruby22-rubygems, rh-ruby22-rubygem-psych, rh-ruby22-rubygem-json. Issues addressed include a code execution vulnerability.
d58b91f41c3af49c25194b7dd7e8e121612b8c39301ad79038c25380fc087b1dRed Hat Security Advisory 2018-0378-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
92370c4cfd0e580acedb86986981a012e6cb7e8f4c171eee4cd8f3ce7f67abe4Ubuntu Security Notice 3553-1 - It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. Various other issues were also addressed.
5d7b3fe0f4c71c7da1067a7580faf6ed442b66169a1f2a91718bc27f05851223Red Hat Security Advisory 2017-3485-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
b19febc2e65ff51a5e7e50e13c140bf754767a3fbfaae851f26d0fc137086b0bGentoo Linux Security Advisory 201710-1 - Multiple vulnerabilities were found in RubyGems, the worst of which allows execution of arbitrary code. Versions less than 2.6.13 are affected.
6e7485c37a04b2d7d031b2eb0f5241710117c1abae047a29ed83df7b3e5e77d8Ubuntu Security Notice 3439-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. Yusuke Endoh discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. Various other issues were also addressed.
8c6c4c94983dabc75dd50c50d1082bfaba6b7926affc9a8903806ee12dcbfb72Slackware Security Advisory - New ruby packages are available for Slackware 14.2 and -current to fix security issues.
be1ba25794f035e28999574213d415357807edc5768e3d15dc3461a14570466fRubyGems versions prior to 2.6.13 suffer from an arbitrary file overwrite vulnerability.
5f0b5ac5db21edcc3e5c32e56de1609e34f4b58dbabc2dc6559d4ca4c790e216
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed