[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4259-1] ruby2.3 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4259-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 31, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby2.3
CVE ID         : CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 
                 CVE-2018-8777  CVE-2018-8778  CVE-2018-8779  CVE-2018-8780 
                 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075
		 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078
		 CVE-2018-1000079

Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may result in incorrect processing of HTTP/FTP,
directory traversal, command injection, unintended socket creation or
information disclosure.

This update also fixes several issues in RubyGems which could allow an
attacker to use specially crafted gem files to mount cross-site scripting
attacks, cause denial of service through an infinite loop, write arbitrary
files, or run malicious code.

For the stable distribution (stretch), these problems have been fixed in
version 2.3.3-1+deb9u3.

We recommend that you upgrade your ruby2.3 packages.

For the detailed security status of ruby2.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltg1O8ACgkQEMKTtsN8
TjbbOg/+JRn/qERSOsiv+/IGd8jr9VMnggz12SM5A35cWsH/Z1UkuioW0BrwKCCy
syrYIPvcWXgsbe5IJ84uZEWR141+riBX4/yIURnjjjbddUZ8SwvwzfTPikhzg70R
1EzMG9GELcuhZk/Qo03wz6o7WrUt6tvgO3xHfQnxnpD/XANcaFfqZGay34OIXan7
rMNiAWxptS5A2wOcvQkv9uPeVPW4RP0u5eG3/89/X7ZC+24B79CMkXXrS/1prkFv
b8aIbXWpJ3fg/7gcxzmfzx0nk6ClfIUgUARKz7tAPqYCA+2CA0U1GqWTPN0fZhPn
BHK2UOTYzck0h8kcVzKnWrmh1SmYcoXbIH0nOXhnnz4WagCsfwMS15v/u6Bmk1Q0
80OHYQGjEU0T7rm3X5Bl/OVI3PPPxrbsRB8yDRWrlGjupqMqE5AD6+KKBr1JOPq3
x6srY9dvNLd7hf/O43bxAsYbZ+H+IILxUH3NfOHI3aDcZjHOUslRwpzegeTwT+4C
Mb9ZGIRMXPUNH2FNV33L4JDK5ckVvEVPrXfDwHdGdlAWzzqWyJksRReaFZWbjg8w
MNQ9uaOOwf9NnzYhda4rmHGVDhJhKkr24msyjz/1Ana8/XEPtW0vwPkYAZECd7QE
K1Am0btPcCH8NakpxA/RlfPV1hbejjJ6N4QWmGksnEg3OPo4IgQ=
=7joH
-----END PGP SIGNATURE-----


Reply to: