Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Fedora 26: 2017-6e6f4f95e6 Moderate: Ruby Escape Sequence Vulnerability

fedora
Calendar Grey December 26, 2017
Dist Fedora Esm H88
The recent upgrade to Ruby 2.4.2 addresses several concerns, particularly focusing on resolution of escape sequences and mitigating buffer underrun vulnerabilities found in Fedora.
Update to Ruby 2.4.2.

Summary

Ruby is the interpreted scripting language for quick and easy

object-oriented programming. It has many features to process text

files and to do system management tasks (as in Perl). It is simple,

straight-forward, and extensible.

Update to Ruby 2.4.2.

[ 1 ] Bug #1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode

https://bugzilla.redhat.com/show_bug.cgi?id=1491866

[ 2 ] Bug #1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

https://bugzilla.redhat.com/show_bug.cgi?id=1492012

[ 3 ] Bug #1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf

https://bugzilla.redhat.com/show_bug.cgi?id=1492015

su -c 'dnf upgrade ruby' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Product: Fedora 26
Version: 2.4.2
Release: 84.fc26
Summary: An interpreter of object-oriented scripting language

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.