Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Ubuntu 14.04 ESM USN-3685-2 Moderate: Ruby Code Execution Threat

ubuntu
Calendar Grey March 25, 2021
Dist Ubuntu Esm H88
The vulnerabilities in Ruby on Ubuntu 14.04 ESM have been resolved with USN-3685-2, which tackles a variety of security concerns associated with the Ruby programming language.
USN-3685-1 introduced a regression in Ruby.

Summary

USN-3685-1 introduced a regression in Ruby.

Software Description:

- ruby2.0: Object-oriented scripting language

Details:

USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced

a regression in Ruby. This update fixes the problem.

Original advisory details:

Some of these CVE were already addressed in previous

USN: 3439-1, 3553-1, 3528-1. Here we address for

the remain releases.

It was discovered that Ruby incorrectly handled certain inputs.

An attacker could use this to cause a buffer overrun. (CVE-2017-0898)

It was discovered that Ruby incorrectly handled certain files.

An attacker could use this to overwrite any file on the filesystem.

(CVE-2017-0901)

It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.

An attacker could use this to possibly force the RubyGems client to download

and install gems from a server that the attacker controls. (CVE-2017-0902)

It was discovered that Ruby incorrectly handled certain YAML files.

An att...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libruby2.0                      2.0.0.484-1ubuntu2.13+esm1
  ruby2.0                         2.0.0.484-1ubuntu2.13+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3685-2

https://ubuntu.com/security/notices/USN-3685-1

CVE-2017-0903, https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174

Severity
important
Lowest
Low
Medium
High
Critical

March 25, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.