Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Debian: DLA-1114-1 Critical: Ruby 1.9 Buffer Overflow And DoS

debian lts
Calendar Grey September 26, 2017
Dist Debian Esm H88
Several vulnerabilities in the Ruby 1.9 interpreter have been resolved to enhance both security and reliability within Debian environments.
Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor

Summary

CVE-2017-0898

Buffer underrun vulnerability in Kernel.sprintf

CVE-2017-0899

ANSI escape sequence vulnerability

CVE-2017-0900

DOS vulernerability in the query command

CVE-2017-0901

gem installer allows a malicious gem to overwrite arbitrary files

CVE-2017-10784

Escape sequence injection vulnerability in the Basic
authentication of WEBrick

CVE-2017-14033

Buffer underrun vulnerability in OpenSSL ASN1 decode

CVE-2017-14064

Heap exposure vulnerability in generating JSON

For Debian 7 "Wheezy", these problems have been fixed in version
1.9.3.194-8.1+deb7u6.

We recommend that you upgrade your ruby1.9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: ruby1.9.1
Version: 1.9.3.194-8.1+deb7u6
CVE ID: CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901
Debian Bug: 873802 873906 875928 875931 875936

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.