1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4259-1] ruby2.3 security update

    From Moritz Muehlenhoff@1:229/2 to All on Tue Jul 31 23:50:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4259-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    July 31, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby2.3
    CVE ID : CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914
    CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
    CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075
    CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078
    CVE-2018-1000079

    Several vulnerabilities have been discovered in the interpreter for the
    Ruby language, which may result in incorrect processing of HTTP/FTP,
    directory traversal, command injection, unintended socket creation or information disclosure.

    This update also fixes several issues in RubyGems which could allow an
    attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.

    For the stable distribution (stretch), these problems have been fixed in version 2.3.3-1+deb9u3.

    We recommend that you upgrade your ruby2.3 packages.

    For the detailed security status of ruby2.3 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.3

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltg1O8ACgkQEMKTtsN8 TjbbOg/+JRn/qERSOsiv+/IGd8jr9VMnggz12SM5A35cWsH/Z1UkuioW0BrwKCCy syrYIPvcWXgsbe5IJ84uZEWR141+riBX4/yIURnjjjbddUZ8SwvwzfTPikhzg70R 1EzMG9GELcuhZk/Qo03wz6o7WrUt6tvgO3xHfQnxnpD/XANcaFfqZGay34OIXan7 rMNiAWxptS5A2wOcvQkv9uPeVPW4RP0u5eG3/89/X7ZC+24B79CMkXXrS/1prkFv b8aIbXWpJ3fg/7gcxzmfzx0nk6ClfIUgUARKz7tAPqYCA+2CA0U1GqWTPN0fZhPn BHK2UOTYzck0h8kcVzKnWrmh1SmYcoXbIH0nOXhnnz4WagCsfwMS15v/u6Bmk1Q0 80OHYQGjEU0T7rm3X5Bl/OVI3PPPxrbsRB8yDRWrlGjupqMqE5AD6+KKBr1JOPq3 x6srY9dvNLd7hf/O43bxAsYbZ+H+IILxUH3NfOHI3aDcZjHOUslRwpzegeTwT+4C Mb9ZGIRMXPUNH2FNV33L4JDK5ckVvEVPrXfDwHdGdlAWzzqWyJksRReaFZWbjg8w MNQ9uaOOwf9NnzYhda4rmHGVDhJhKkr24msyjz/1Ana8/XEPtW0vwPkYAZECd7QE K1Am0btPcCH8NakpxA/RlfPV1hbejjJ6N4QWmGksnEg3OPo4IgQ=
    =7joH
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)