• [SECURITY] [DSA 4219-1] jruby security update

    From Sebastien Delafond@1:229/2 to All on Fri Jun 8 11:40:01 2018
    From: [email protected]

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4219-1                   [email protected]
    https://www.debian.org/security/                       Sebastien Delafond
    June 08, 2018                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : jruby
    CVE ID : CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076
    CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079
    Debian Bug : 895778

    Several vulnerabilities were discovered in jruby, a Java
    implementation of the Ruby programming language. They would allow an
    attacker to use specially crafted gem files to mount cross-site
    scripting attacks, cause denial of service through an infinite loop,
    write arbitrary files, or run malicious code.

    For the stable distribution (stretch), these problems have been fixed in version 1.7.26-1+deb9u1.

    We recommend that you upgrade your jruby packages.

    In addition, this message serves as an announcement that security
    support for jruby in the Debian 8 oldstable release (jessie) is now discontinued.

    Users of jruby in Debian 8 that want security updates are strongly
    encouraged to upgrade now to the current Debian 9 stable release
    (stretch).

    For the detailed security status of jruby please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/jruby

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
