Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
8e3eaae5e55f5657e198a4d0014a7723Red Hat Security Advisory 2018-0585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych. Issues addressed include a code execution vulnerability.
f0e2fe1165cabe24a29facc339a343b4Red Hat Security Advisory 2018-0583-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby, rh-ruby22-rubygems, rh-ruby22-rubygem-psych, rh-ruby22-rubygem-json. Issues addressed include a code execution vulnerability.
abe8a58e8df4aee6784a9741e9ce7710Red Hat Security Advisory 2018-0378-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
91a96a35a620b9a34ddbe39a2533462cUbuntu Security Notice 3553-1 - It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. Various other issues were also addressed.
9fbc460d38073ceb73302a8f256c5cbcRed Hat Security Advisory 2017-3485-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
3600c3f840b4088b74aad6855538448cDebian Linux Security Advisory 4031-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.
972ec8e478a4d320e8e4ad4533c5b816
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed