========================================================================== Ubuntu Security Notice USN-6055-1 May 04, 2023 ruby2.3, ruby2.5, ruby2.7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Ruby. Software Description: - ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Details: It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-28756) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libruby2.7 2.7.0-5ubuntu1.9 ruby2.7 2.7.0-5ubuntu1.9 Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.14 ruby2.5 2.5.1-1ubuntu1.14 Ubuntu 16.04 ESM: libruby2.3 2.3.1-2~ubuntu16.04.16+esm5 ruby2.3 2.3.1-2~ubuntu16.04.16+esm5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6055-1 CVE-2023-28755, CVE-2023-28756 Package Information: https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.9 https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.14
Ubuntu 6055-1: Ruby vulnerabilities
May 4, 2023
Several security issues were fixed in Ruby.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Ruby. Software Description: - ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Details: It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-28756)
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libruby2.7 2.7.0-5ubuntu1.9 ruby2.7 2.7.0-5ubuntu1.9 Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.14 ruby2.5 2.5.1-1ubuntu1.14 Ubuntu 16.04 ESM: libruby2.3 2.3.1-2~ubuntu16.04.16+esm5 ruby2.3 2.3.1-2~ubuntu16.04.16+esm5 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6055-1
CVE-2023-28755, CVE-2023-28756
Severity
Ubuntu Security Notice USN-6055-1
Package Information
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.9 https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.14
News
HOWTOs
About Us
Powered By
