Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Ubuntu 21.10 USN-5235-1 Moderate: Ruby Denial Of Service Risk

ubuntu
Calendar Grey January 18, 2022
Dist Ubuntu Esm H88
A fresh security patch for Ruby on Ubuntu tackles significant vulnerabilities impacting various releases. Urgent upgrade suggested.
Several security issues were fixed in Ruby.

Summary

Several security issues were fixed in Ruby.

Software Description:

- ruby2.7: Object-oriented scripting language

- ruby2.5: Object-oriented scripting language

- ruby2.3: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain HTML files.

An attacker could possibly use this issue to cause a crash. This

issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10.

(CVE-2021-41816)

It was discovered that Ruby incorrectly handled certain regular expressions.

An attacker could possibly use this issue to cause a regular expression

denial of service. (CVE-2021-41817)

It was discovered that Ruby incorrectly handled certain cookie names.

An attacker could possibly use this issue to access or expose

sensitive information. (CVE-2021-41819)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  ruby2.7                         2.7.4-1ubuntu3.1

Ubuntu 21.04:
  ruby2.7                         2.7.2-4ubuntu1.3

Ubuntu 20.04 LTS:
  ruby2.7                         2.7.0-5ubuntu1.6

Ubuntu 18.04 LTS:
  ruby2.5                         2.5.1-1ubuntu1.11

Ubuntu 16.04 ESM:
  ruby2.3                         2.3.1-2~ubuntu16.04.16+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5235-1

CVE-2021-41816, CVE-2021-41817, CVE-2021-41819

January 18, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.