Debian Bug report logs -
#895778
jruby: Several security vulnerabilities
Package:
jruby;
Maintainer for jruby is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for jruby is src:jruby (PTS, buildd, popcon)
Reported by: Markus Koschany <apo@debianorg>
Date: Sun, 15 Apr 2018 20:45:05 UTC ...
Several security issues were fixed in Ruby ...
USN-3621-1 caused a regression in Ruby ...
Synopsis
Moderate: ruby security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ruby is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Synopsis
Important: rh-ruby24-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby24-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Synopsis
Moderate: ruby security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ruby is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Solutions ...
Synopsis
Important: rh-ruby23-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby23-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Synopsis
Moderate: ruby security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ruby is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Moderate: ruby security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ruby is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Synopsis
Important: rh-ruby25-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby25-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Several vulnerabilities were discovered in jruby, a Java
implementation of the Ruby programming language They would allow an
attacker to use specially crafted gem files to mount cross-site
scripting attacks, cause denial of service through an infinite loop,
write arbitrary files, or run malicious code
For the stable distribution (stretch), these ...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may result in incorrect processing of HTTP/FTP,
directory traversal, command injection, unintended socket creation or
information disclosure
This update also fixes several issues in RubyGems which could allow an
attacker to use specially crafted gem files ...
Path traversal when writing to a symlinked basedir outside of the rootRubyGems version Ruby 22 series: 229 and earlier, Ruby 23 series: 236 and earlier, Ruby 24 series: 243 and earlier, Ruby 25 series: 250 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of packagerb t ...
Path traversal when writing to a symlinked basedir outside of the rootRubyGems version Ruby 22 series: 229 and earlier, Ruby 23 series: 236 and earlier, Ruby 24 series: 243 and earlier, Ruby 25 series: 250 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of packagerb t ...
It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory (CVE-2018-8777)
It was found that the tmpdir and tempfile modules did no ...
RubyGems version Ruby 22 series: 229 and earlier, Ruby 23 series: 236 and earlier, Ruby 24 series: 243 and earlier, Ruby 25 series: 250 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation ...