Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu 22.04 LTS: USN-6219-1 Critical Ruby Denial of Service Advisory

ubuntu
Calendar Grey July 12, 2023
Dist Ubuntu Esm H88
The Ubuntu Security Announcement USN-6219-1 addresses vulnerabilities in Ruby that impact various Ubuntu versions.
Several security issues were fixed in Ruby.

Summary

Several security issues were fixed in Ruby.

Software Description:

- ruby3.1: Interpreter of object-oriented scripting language Ruby

- ruby3.0: Interpreter of object-oriented scripting language Ruby

- ruby2.7: Object-oriented scripting language

- ruby2.5: Object-oriented scripting language

- ruby2.3: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain regular expressions.

An attacker could possibly use this issue to cause a denial of service.

This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS.

(CVE-2023-28755)

It was discovered that Ruby incorrectly handled certain regular expressions.

An attacker could possibly use this issue to cause a denial of service.

This issue exists because of an incomplete fix for CVE-2023-28755.

(CVE-2023-36617)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  libruby3.1                      3.1.2-6ubuntu0.23.04.2
  ruby3.1                         3.1.2-6ubuntu0.23.04.2

Ubuntu 22.10:
  libruby3.0                      3.0.4-7ubuntu0.2
  ruby3.0                         3.0.4-7ubuntu0.2

Ubuntu 22.04 LTS:
  libruby3.0                      3.0.2-7ubuntu2.4
  ruby3.0                         3.0.2-7ubuntu2.4

Ubuntu 20.04 LTS:
  libruby2.7                      2.7.0-5ubuntu1.12
  ruby2.7                         2.7.0-5ubuntu1.12

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libruby2.5                      2.5.1-1ubuntu1.16+esm1
  ruby2.5                         2.5.1-1ubuntu1.16+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libruby2.3                      2.3.1-2~ubuntu16.04.16+esm8
  ruby2.3                         2.3.1-2~ubuntu16.04.16+esm8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6219-1

CVE-2023-28755, CVE-2023-36617

Severity
critical
Lowest
Low
Medium
High
Critical

July 12, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.