Several security issues were fixed in Ruby ...
Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:
CVE-2015-9096
SMTP command injection in Net::SMTP
CVE-2016-7798
Incorrect handling of initialization vector in the GCM mode in the
OpenSSL extension
CVE-2017-0900
Denial of service in the RubyGems client
CVE-2017-0901
Potential file overwrite ...
IV Reuse in GCM Mode:The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism (CVE-2016-7798) ...
Debian Bug report logs -
#873906
ruby23: CVE-2017-14064
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 1 Sep 2017 05:27:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in version ruby23/233 ...
Debian Bug report logs -
#875928
ruby23: CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Sep 2017 08:39:01 UTC
Severity: serious
Tags: s ...
Debian Bug report logs -
#842432
ruby23: CVE-2016-7798: IV Reuse in GCM Mode
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 29 Oct 2016 06:45:01 UTC
Severity: serious
Tags: fixed-upstream, patch, security, u ...
Debian Bug report logs -
#875931
ruby23: CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Sep 2017 08:51:04 UTC
...
Debian Bug report logs -
#873802
Multiple vulnerabilities in rubygems (CVE-2017-0899 to CVE-2017-0902)
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Raphael Hertzog <hertzog@debianorg>
Date: Thu, 31 Aug 2017 10:18:02 UTC
Severity: serious
Tags: security, ups ...
Debian Bug report logs -
#879231
ruby23: CVE-2017-0903: Unsafe object deserialization through YAML formatted gem specifications
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 20 Oct 2017 19:36:01 UTC
Severit ...
Debian Bug report logs -
#851161
ruby21: CVE-2016-2337 CVE-2016-2339
Package:
ruby21;
Maintainer for ruby21 is Antonio Terceiro <terceiro@debianorg>; Source for ruby21 is src:ruby21 (PTS, buildd, popcon)
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 12 Jan 2017 15:15:01 UTC
Severity: grave
Tags: ...
Debian Bug report logs -
#864860
ruby23: CVE-2015-9096: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 16 Jun 2017 07:21 ...
Debian Bug report logs -
#875936
ruby23: CVE-2017-0898: Buffer underrun vulnerability in Kernelsprintf
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Sep 2017 09:18:05 UTC
Severity: serious
Tags: securit ...
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism ...
Vulmon