Debian Bug report logs -
#990815
ruby2.7: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066
Package:
src:ruby2.7;
Maintainer for src:ruby2.7 is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>;
Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 8 Jul 2021 09:06:02 UTC
Severity: grave
Tags: ...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.
For the oldstable distribution (buster), these problems have been fixed
in version 2.5.5 ...
Synopsis
Moderate: ruby:2.5 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update a ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Secu ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
Synopsis
Important: rh-ruby26-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product S ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Secu ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Pr ...
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct ...
No description is available for this CVE ...
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes Net::FTP extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct p ...