Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 23.10: USN-6853-1 Critical: Ruby Denial of Service Risk

ubuntu
Calendar Grey June 26, 2024
Dist Ubuntu Esm H88
Significant vulnerability in Ruby for Ubuntu systems may lead to application failures or reveal private data. Immediate updates recommended to reduce potential threats.
Ruby could be made to crash or expose sensitive information login if it processed certain strings.

Summary

Ruby could be made to crash or expose sensitive information login if it

processed certain strings.

Software Description:

- ruby3.1: Object-oriented scripting language

- ruby3.0: Object-oriented scripting language

- ruby2.7: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled the ungetbyte and ungetc

methods. A remote attacker could use this issue to cause Ruby to crash,

resulting in a denial of service, or possibly obtain sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   libruby3.1                      3.1.2-7ubuntu3.3
   ruby3.1                         3.1.2-7ubuntu3.3

Ubuntu 22.04 LTS
   libruby3.0                      3.0.2-7ubuntu2.7
   ruby3.0                         3.0.2-7ubuntu2.7

Ubuntu 20.04 LTS
   libruby2.7                      2.7.0-5ubuntu1.14
   ruby2.7                         2.7.0-5ubuntu1.14

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6853-1

CVE-2024-27280

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6853-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here