Debian Bug report logs - #1002995
ruby3.0: CVE-2021-41816 CVE-2021-41817 CVE-2021-41819
Package: src:ruby3.0;
Maintainer for src:ruby3.0 is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 2 Jan 2022 14:18:01 UTC
Severity: grave
...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.
For the oldstable distribution (buster), these problems have been fixed
in version 2.5.5 ...
Several vulnerabilities have been discovered in the interpreter for
the Ruby language and the Rubygems included, which may result
in information disclosure or denial of service.
For the stable distribution (bullseye), these problems have been fixed in
version 2.7.4-1+deb11u1.
We recommend that you upgrade your ruby2.7 packages.
For the detailed sec ...
Synopsis
Moderate: ruby:2.7 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Securi ...
Synopsis
Moderate: ruby:3.0 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Securi ...
Synopsis
Moderate: ruby:2.5 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update a ...
Synopsis
Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Sec ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Secu ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
Synopsis
Important: rh-ruby26-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product S ...
Synopsis
Moderate: rh-ruby30-ruby security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-ruby30-ruby is now available for Red Hat Software Collections. Red Hat Product Sec ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Secu ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Pr ...
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby (CVE-2021-41816).
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is system availability (CVE-2021-41817).
CGI::Cookie ...
In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there is a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective denial of service attack ...