1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4721-1] ruby2.5 security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Jul 8 17:40:01 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    July 08, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby2.5
    CVE ID : CVE-2020-10663 CVE-2020-10933

    Several vulnerabilities have been discovered in the interpreter for the
    Ruby language.

    CVE-2020-10663

    Jeremy Evans reported an unsafe object creation vulnerability in the
    json gem bundled with Ruby. When parsing certain JSON documents, the
    json gem can be coerced into creating arbitrary objects in the
    target system.

    CVE-2020-10933

    Samuel Williams reported a flaw in the socket library which may lead
    to exposure of possibly sensitive data from the interpreter.

    For the stable distribution (buster), these problems have been fixed in
    version 2.5.5-3+deb10u2.

    We recommend that you upgrade your ruby2.5 packages.

    For the detailed security status of ruby2.5 please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/ruby2.5

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8F5jVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RT1Q/9EmtF3l9EwsTqV0RaU0CvycnypEEHk0vahqwtDKe5m1j13RlbhU5PfeNm n8E4pzw30+zROL8vxrCBQbAkBLACJOD9GwnA1G5mUnga1m49+5TyHEfPTFDsZHZ7 XqWuIJiQpOaPAi9xlywyqxji8OHPND2NNtCF1xk3Mpfk/7Y5JNJjFPnQnprfB4Hf c8AMjgmjV4ElJ60ALpXQzP7snVs4S+LA+Qb2O7V05u8zW0ytiEGTJNKrdG/+Rkrm XKUrEwPJLOU9DlR1JDXD491tOSYGiQdS/vWNQsyGKArpdDbhAUOybWZinD6ZG0KR L7atC327+eNDhpIKcmS4jMRnoQwjmlgPK6m0YwF4mKmyL4lWKwqCddDnIfr7jRSq bW3esnLJatEJiUbcSLpuBn0qO5f6HYb1iRhXJDQlPsuySIjObkn+rim9Bvo0NOQZ SZx74Rv1KX/kYpU4KcZyoygRuuWzl3pPYRj5BYJOViDGIcSKay4w7oypLjSWg7b3 BQfKQ7MbIVIXLk27fS/mOKpG0uXM5cer7LGnZSovl+KQmgp4gBdtCpuzat7Jz3YI tJDwDSjfhUQu8Uew+6bnvDUJ+zFEp/fEly2ueZFSYkkPmWPMcaI3OIk/Q2dLt5ZX gC+Vad6gT/C2UBYZCxxcBTHOcAlImTQ/JPCQMOGrvZM6t7QouuA=
    =rTdk
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)