Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:
CVE-2015-9096
SMTP command injection in Net::SMTP
CVE-2016-7798
Incorrect handling of initialization vector in the GCM mode in the
OpenSSL extension
CVE-2017-0900
Denial of service in the RubyGems client
CVE-2017-0901
Potential file overwrite ...
Synopsis
Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis
Important: rh-ruby23-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis
Important: ruby security update
Type/Severity
Security Advisory: Important
Topic
An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: rh-ruby22-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby22-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Several security issues were fixed in Ruby ...
Debian Bug report logs -
#873906
ruby23: CVE-2017-14064
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 1 Sep 2017 05:27:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in version ruby23/2.3.3 ...
Debian Bug report logs -
#875928
ruby23: CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 Sep 2017 08:39:01 UTC
Severity: serious
Tags: s ...
Debian Bug report logs -
#842432
ruby23: CVE-2016-7798: IV Reuse in GCM Mode
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 29 Oct 2016 06:45:01 UTC
Severity: serious
Tags: fixed-upstream, patch, security, u ...
Debian Bug report logs -
#875931
ruby23: CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 Sep 2017 08:51:04 UTC
...
Debian Bug report logs -
#873802
Multiple vulnerabilities in rubygems (CVE-2017-0899 to CVE-2017-0902)
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 31 Aug 2017 10:18:02 UTC
Severity: serious
Tags: security, ups ...
Debian Bug report logs -
#879231
ruby23: CVE-2017-0903: Unsafe object deserialization through YAML formatted gem specifications
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 20 Oct 2017 19:36:01 UTC
Severit ...
Debian Bug report logs -
#864860
ruby23: CVE-2015-9096: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 16 Jun 2017 07:21 ...
Debian Bug report logs -
#875936
ruby23: CVE-2017-0898: Buffer underrun vulnerability in Kernel#sprintf
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 Sep 2017 09:18:05 UTC
Severity: serious
Tags: securit ...
Arbitrary heap exposure during a JSON.generate call. Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is ...
SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP. An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands into an SMTP session in order to facilitate phishing attacks or spam campa ...
It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory ...