CVE-2018-8779

Several security issues were fixed in Ruby ...

Synopsis Important: rh-ruby24-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby24-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...

Synopsis Important: rh-ruby23-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby23-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...

Synopsis Moderate: ruby security update Type/Severity Security Advisory: Moderate Topic An update for ruby is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Synopsis Important: rh-ruby25-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby25-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure This update also fixes several issues in RubyGems which could allow an attacker to use specially crafted gem files ...

It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory (CVE-2018-8777) It was found that the tmpdir and tempfile modules did no ...

Path traversal when writing to a symlinked basedir outside of the rootRubyGems version Ruby 22 series: 229 and earlier, Ruby 23 series: 236 and earlier, Ruby 24 series: 243 and earlier, Ruby 25 series: 250 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of packagerb t ...

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script ...