
Ubuntu 18.04 LTS, USN-6838-2: Critical Ruby Execution Risk

February 10, 2025
Secure your Ubuntu Ruby packages against vulnerabilities that can lead to arbitrary code execution by following these essential steps for updating and verifying installations.

Summary

Ruby could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:

- ruby2.5: Object-oriented scripting language

- ruby2.3: Object-oriented scripting language

Details:

USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1,
and Ruby 3.2. This update provides the corresponding updates for
Ruby 2.3 and Ruby 2.5.

Original advisory details:

 It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If
 a user or automated system were tricked into parsing a specially crafted
 .rdoc_options file, a remote attacker could possibly use this issue to
 execute arbitrary code. (CVE-2024-27281)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   libruby2.5                      2.5.1-1ubuntu1.16+esm3
                                   Available with Ubuntu Pro
   ruby2.5                         2.5.1-1ubuntu1.16+esm3
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libruby2.3                      2.3.1-2~ubuntu16.04.16+esm9
                                   Available with Ubuntu Pro
   ruby2.3                         2.3.1-2~ubuntu16.04.16+esm9
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6838-2

https://ubuntu.com/security/notices/USN-6838-1

  CVE-2024-27281

Severity

Critical
