Debian 8: DLA-1421-1 Moderate: Ruby2.1 Multiple Risks Found

Debian LTS advisory, published July 14, 2018
Urgent action required: Multiple Ruby interpreter vulnerabilities. Upgrade ruby2.1 to protect your Debian system now.
Multiple vulnerabilities were found in the interpreter for the Ruby language.

Summary

CVE-2015-9096

SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO
or MAIL FROM command.
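The CRLF issue above is a classic line-oriented protocol injection: SMTP commands end at CRLF, so an address that carries a CR or LF can end the current command early. The following is an added example, not code from the advisory or from Ruby's Net::SMTP, showing the input validation an application should apply to recipient and sender addresses before they are handed to any SMTP client, whatever version of the library is installed. Function names and the sample addresses are constructed for this illustration.

```ruby
# Return the address unchanged when it is safe to place in an SMTP command,
# or nil when it must be rejected.
def safe_smtp_address(addr)
  return nil unless addr.is_a?(String)
  # Hard rejection: any line terminator or NUL byte ends or corrupts the command.
  return nil if addr.match?(/[\r\n\0]/)
  # Keep the length within what an SMTP path can carry (RFC 5321: 256 octets
  # including the angle brackets the client adds).
  return nil if addr.empty? || addr.bytesize > 254
  # One local part, one "@", one domain; no whitespace, angle brackets or a
  # second "@" that could be mistaken for command syntax.
  return nil unless addr.match?(/\A[^\s<>@]+@[^\s<>@]+\z/)
  addr
end

# Split candidate recipients into [accepted, rejected]. Both halves are returned
# so the caller can log the rejects: an address containing CRLF is worth an
# alert, not just a silent drop.
def partition_recipients(candidates)
  candidates.partition { |a| !safe_smtp_address(a).nil? }
end

# Constructed sample input for this example, not captured data.
SAMPLE_RECIPIENTS = [
  "alice@example.com",
  "bob@example.com\r\nextra line", # embedded CRLF: rejected
  "<carol@example.com>",           # angle brackets: rejected, unwrap before validating
  "dave@example.com\n",            # trailing LF: rejected
].freeze

if $PROGRAM_NAME == __FILE__
  accepted, rejected = partition_recipients(SAMPLE_RECIPIENTS)
  puts "accepted: #{accepted.inspect}"
  puts "rejected: #{rejected.map(&:inspect).join(', ')}"
end
```

The check is deliberately stricter than the RFC grammar: a mail application rarely needs quoted local parts or comments, and a tight allow-list is easier to reason about than a deny-list of dangerous bytes. Patched Net::SMTP versions also refuse CR and LF themselves, so this validation is defence in depth rather than the only line.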

CVE-2016-2339

Exploitable heap overflow in Fiddle::Function.new.

CVE-2016-7798

Incorrect handling of initialization vector in the GCM mode in the
OpenSSL extension.

CVE-2017-0898

Buffer underrun vulnerability in Kernel.sprintf.

CVE-2017-0899

ANSI escape sequence vulnerability in RubyGems.
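Gem metadata (names, summaries, descriptions) is attacker-controlled text that tools print to a terminal, and a terminal interprets ESC-initiated sequences in whatever it prints. As an added example, not code from RubyGems or the advisory, the function below strips terminal escape sequences and other control characters from untrusted text before display; the function name and the sample strings are constructed for this illustration.

```ruby
# Remove terminal escape sequences and other control characters from untrusted
# text before it is written to a terminal. Tab and newline are kept because
# they are needed for normal formatting.
def sanitize_for_terminal(text)
  text
    .gsub(/\e\[[0-?]*[ -\/]*[@-~]/, "")          # CSI: ESC [ params intermediates final
    .gsub(/\e\][^\a\e]*(?:\a|\e\\)?/, "")        # OSC: ESC ] ... terminated by BEL or ESC \
    .gsub(/\e[@-Z\\-_]/, "")                      # remaining two-byte ESC sequences
    .gsub(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/, "") # other C0 controls and DEL
end

# Render one metadata field the way a listing tool might, sanitizing first.
def render_gem_line(name, summary)
  "#{sanitize_for_terminal(name)}: #{sanitize_for_terminal(summary)}"
end

# Constructed sample strings: a coloured name and a summary that tries to set
# the terminal title via an OSC sequence.
SAMPLE_NAME = "example-gem \e[31mdanger\e[0m"
SAMPLE_SUMMARY = "plain text\e]0;new title\a only"

if $PROGRAM_NAME == __FILE__
  puts render_gem_line(SAMPLE_NAME, SAMPLE_SUMMARY)
end
```

The order of the substitutions matters: multi-byte sequences are removed first so that their ESC byte is consumed together with its parameters, and the final pass catches any lone control byte that survived. Stripping rather than escaping is the right default for a listing; if the raw bytes must be preserved for auditing, log them with `String#inspect` instead of printing them.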

CVE-2017-0900

DoS vulnerability in the RubyGems query command.

CVE-2017-0901

gem installer allowed a malicious gem to overwrite arbitrary files.

CVE-2017-0902

RubyGems DNS request hijacking vulnerability.

CVE-2017-0903

Max Justicz reported that RubyGems is prone to an unsafe object
deserialization vulnerability. When parsed by an application which
processes gems, a specially crafted YAML formatted gem specification
can lead to remote code execution.
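The root cause of the deserialization issue is that a general-purpose YAML loader will instantiate whatever Ruby class a document's tags name. The defensive counterpart is to parse untrusted metadata with a loader restricted to plain data. The following is an added example, not RubyGems' own code or its fix, using Psych's `YAML.safe_load` (keyword arguments as in Psych 3.1 and later are assumed) and an allow-list of the keys the consumer actually needs; the two sample documents and the function name are constructed for this illustration.

```ruby
require "yaml"

# Constructed sample: a plain-data gem specification (not a real gem).
BENIGN_SPEC = <<~YAML
  ---
  name: example-gem
  version: "1.0.0"
  authors:
    - Example Author
  summary: An example specification
YAML

# Constructed sample: the same document plus a Ruby object tag. An unrestricted
# loader would instantiate the tagged class; the restricted loader refuses it.
TAGGED_SPEC = <<~YAML
  ---
  name: example-gem
  extra: !ruby/object:Object {}
YAML

# The only keys a consumer of this metadata is willing to accept.
ALLOWED_KEYS = %w[name version authors summary].freeze

# Parse an untrusted gem specification. Only YAML scalars, sequences and
# mappings are accepted: no Ruby classes, no symbols and no aliases (aliases
# also enable expansion-style denial of service). Returns a Hash restricted to
# ALLOWED_KEYS, or nil if the document is rejected for any reason.
def load_gem_spec(text)
  data = YAML.safe_load(text, permitted_classes: [], permitted_symbols: [], aliases: false)
  return nil unless data.is_a?(Hash)
  data.select { |key, _| ALLOWED_KEYS.include?(key) }
rescue Psych::Exception
  # Psych::DisallowedClass, Psych::BadAlias and Psych::SyntaxError all derive
  # from Psych::Exception; treat every one of them as "not a valid spec".
  nil
end

if $PROGRAM_NAME == __FILE__
  p load_gem_spec(BENIGN_SPEC)
  p load_gem_spec(TAGGED_SPEC)
end
```

Rejecting the whole document, rather than skipping the offending key, is intentional: a tag that should never appear in metadata is a strong signal that the input is hostile, and the caller should log and refuse rather than proceed with the remaining fields.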

CVE-2017-10784

Yusuke Endoh discovered an escape sequence injection vulnerability in


Package: ruby2.1
Version: 2.1.5-2+deb8u4
CVE ID: CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898
Debian Bug: 851161
