Several vulnerabilities have been discovered in the interpreter for the
Ruby language The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2017-0898
aerodudrizzt reported a buffer underrun vulnerability in the sprintf
method of the Kernel module resulting in heap memory corruption or
information disc ...
Synopsis
Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-ruby24-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerab ...
Synopsis
Important: rh-ruby23-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby23-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Synopsis
Important: ruby security update
Type/Severity
Security Advisory: Important
Topic
An update for ruby is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: rh-ruby22-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby22-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Several security issues were fixed in Ruby ...
Several security issues were fixed in Ruby ...
Several security issues were fixed in Ruby ...
Debian Bug report logs -
#875928
ruby23: CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Sep 2017 08:39:01 UTC
Severity: serious
Tags: s ...
Debian Bug report logs -
#875931
ruby23: CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Sep 2017 08:51:04 UTC
...
Debian Bug report logs -
#879231
ruby23: CVE-2017-0903: Unsafe object deserialization through YAML formatted gem specifications
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 20 Oct 2017 19:36:01 UTC
Severit ...
Debian Bug report logs -
#875936
ruby23: CVE-2017-0898: Buffer underrun vulnerability in Kernelsprintf
Package:
src:ruby23;
Maintainer for src:ruby23 is Antonio Terceiro <terceiro@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Sep 2017 09:18:05 UTC
Severity: serious
Tags: securit ...
Arbitrary heap exposure during a JSONgenerate callRuby through 227, 23x through 234, and 24x through 241 can expose arbitrary memory during a JSONgenerate call The issues lies in using strdup in ext/json/ext/generator/generatorc, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is ...
SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTPA SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campa ...
It was found that WEBrick did not sanitize all its log messages If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences ...