Several security issues were fixed in Ruby ...
Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:
CVE-2015-9096
SMTP command injection in Net::SMTP
CVE-2016-7798
Incorrect handling of initialization vector in the GCM mode in the
OpenSSL extension
CVE-2017-0900
Denial of service in the RubyGems client
CVE-2017-0901
Potential file overwrite ...
Debian Bug report logs -
#873906
ruby2.3: CVE-2017-14064
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 1 Sep 2017 05:27:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in version ruby2.3/2.3.3 ...
Debian Bug report logs -
#875928
ruby2.3: CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 Sep 2017 08:39:01 UTC
Severity: serious
Tags: s ...
Debian Bug report logs -
#842432
ruby2.3: CVE-2016-7798: IV Reuse in GCM Mode
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 29 Oct 2016 06:45:01 UTC
Severity: serious
Tags: fixed-upstream, patch, security, u ...
Debian Bug report logs -
#875931
ruby2.3: CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 Sep 2017 08:51:04 UTC
...
Debian Bug report logs -
#873802
Multiple vulnerabilities in rubygems (CVE-2017-0899 to CVE-2017-0902)
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 31 Aug 2017 10:18:02 UTC
Severity: serious
Tags: security, ups ...
Debian Bug report logs -
#879231
ruby2.3: CVE-2017-0903: Unsafe object deserialization through YAML formatted gem specifications
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 20 Oct 2017 19:36:01 UTC
Severit ...
Debian Bug report logs -
#864860
ruby2.3: CVE-2015-9096: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 16 Jun 2017 07:21 ...
Debian Bug report logs -
#875936
ruby2.3: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
Package:
src:ruby2.3;
Maintainer for src:ruby2.3 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 Sep 2017 09:18:05 UTC
Severity: serious
Tags: securit ...
SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP
An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in an SMTP session in order to facilitate phishing attacks or spam campaigns ...