What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4721-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 08, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby2.5
CVE ID         : CVE-2020-10663 CVE-2020-10933

Several vulnerabilities have been discovered in the interpreter for the
Ruby language.

CVE-2020-10663

    Jeremy Evans reported an unsafe object creation vulnerability in the
    json gem bundled with Ruby. When parsing certain JSON documents, the
    json gem can be coerced into creating arbitrary objects in the
    target system.

CVE-2020-10933

    Samuel Williams reported a flaw in the socket library which may lead
    to exposure of possibly sensitive data from the interpreter.

For the stable distribution (buster), these problems have been fixed in
version 2.5.5-3+deb10u2.

We recommend that you upgrade your ruby2.5 packages.

For the detailed security status of ruby2.5 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/ruby2.5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4721-1: ruby2.5 security update

July 8, 2020
Several vulnerabilities have been discovered in the interpreter for the Ruby language

Summary

CVE-2020-10663

Jeremy Evans reported an unsafe object creation vulnerability in the
json gem bundled with Ruby. When parsing certain JSON documents, the
json gem can be coerced into creating arbitrary objects in the
target system.

CVE-2020-10933

Samuel Williams reported a flaw in the socket library which may lead
to exposure of possibly sensitive data from the interpreter.

For the stable distribution (buster), these problems have been fixed in
version 2.5.5-3+deb10u2.

We recommend that you upgrade your ruby2.5 packages.

For the detailed security status of ruby2.5 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/ruby2.5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Several vulnerabilities have been discovered in the interpreter for the
Ruby language.

Related News

Python’s New Security Developer Has Plans to Secure the Language

Nov 26, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Oct 5, 2023

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug
Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

Footer Logo