Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Ruby.
Software Description:
- ruby2.3: Object-oriented scripting language
Details:
It was discovered that the Net::IMAP client in Ruby did not properly
sanitize Symbol arguments passed to IMAP commands. A remote attacker
controlling a malicious IMAP server, or able to influence command
arguments, could use this to inject arbitrary IMAP commands via CRLF
sequences. (CVE-2026-42258)
It was discovered that the Zlib::GzipReader in Ruby did not correctly
ensure sufficient buffer capacity in the zstream_buffer_ungets function.
An attacker could use this to craft a gzip stream that, when processed,
could cause a buffer overflow, resulting in memory corruption and possibly
arbitrary code execution. (CVE-2026-27820)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libruby2.3 2.3.1-2~ubuntu16.04.16+esm15
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8556-1
CVE-2026-27820, CVE-2026-42258
Get the latest Linux and open source security news straight to your inbox.