Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu: USN-3808-1 Critical: Ruby Certificate Bypass and Code Issue

ubuntu
Calendar Grey November 5, 2018
Dist Ubuntu Esm H88
Multiple vulnerabilities detected in Python running on Debian demand prompt action for patches to avert potential threats.
Several security issues were fixed in Ruby.

Summary

Several security issues were fixed in Ruby.

Software Description:

- ruby2.5: Interpreter of object-oriented scripting language Ruby

- ruby2.3: Object-oriented scripting language

- ruby1.9.1: Object-oriented scripting language

- ruby2.0: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain X.509

certificates. An attacker could possibly use this issue to

bypass the certificate check. (CVE-2018-16395)

It was discovered that Ruby incorrectly handled certain

inputs. An attacker could possibly use this issue to execute

arbitrary code. (CVE-2018-16396)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libruby2.5                      2.5.1-5ubuntu4.1
  ruby2.5                         2.5.1-5ubuntu4.1

Ubuntu 18.04 LTS:
  libruby2.5                      2.5.1-1ubuntu1.1
  ruby2.5                         2.5.1-1ubuntu1.1

Ubuntu 16.04 LTS:
  libruby2.3                      2.3.1-2~16.04.11
  ruby2.3                         2.3.1-2~16.04.11

Ubuntu 14.04 LTS:
  libruby1.9.1                    1.9.3.484-2ubuntu1.13
  libruby2.0                      2.0.0.484-1ubuntu2.11
  ruby1.9.1                       1.9.3.484-2ubuntu1.13
  ruby1.9.3                       1.9.3.484-2ubuntu1.13
  ruby2.0                         2.0.0.484-1ubuntu2.11

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3808-1

  CVE-2018-16395, CVE-2018-16396

Severity
critical
Lowest
Low
Medium
High
Critical

November 05, 2018

Package Information

  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-5ubuntu4.1
  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.11
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.13
  https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.11

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.