Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
e7a582a1d121ff1533a65726ffe5c500c137492e966e1ec7c0aec8d1c81203b7
Apple Security Advisory 2018-10-30-14 - macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan address buffer overflow, code execution, denial of service, information leakage, and null pointer vulnerabilities.
996555da303016be0beb91eec3d479423a2125bf6788c7b59011cb29ba6e0413
Apple Security Advisory 2018-10-30-2 - macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address buffer overflow, code execution, denial of service, and information leakage vulnerabilities.
dd898f821c1c4cb27a0620ce5196317d76bde87c8c954f0aed14743d73203615
Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USNs: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
60f255fcb7dd889a143694b47735ea1ee2e3231d8c3486947620ea6096bc226b
Red Hat Security Advisory 2018-0585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych. Issues addressed include a code execution vulnerability.
32edc7a8e98876134eade824682c38c4747c8ccb99d1f61ad5768f31b8e2a899
Red Hat Security Advisory 2018-0583-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby, rh-ruby22-rubygems, rh-ruby22-rubygem-psych, rh-ruby22-rubygem-json. Issues addressed include a code execution vulnerability.
d58b91f41c3af49c25194b7dd7e8e121612b8c39301ad79038c25380fc087b1d
Red Hat Security Advisory 2018-0378-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
92370c4cfd0e580acedb86986981a012e6cb7e8f4c171eee4cd8f3ce7f67abe4
Ubuntu Security Notice 3528-1 - It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.
88d323ec80f067827ae8c99ddded9ca9db51fec211fa2406a877e03ffa4a9ecb
Red Hat Security Advisory 2017-3485-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: A buffer underflow was found in Ruby's sprintf function. An attacker with the ability to control its format string parameter could send a specially crafted string that would disclose heap memory or crash the interpreter.
b19febc2e65ff51a5e7e50e13c140bf754767a3fbfaae851f26d0fc137086b0b
Gentoo Linux Security Advisory 201710-18 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.2.8 are affected.
74182e2fa1de3051fe5a5e387c1c4a43e8c3561f268eef142677191cc11c3c11
Ubuntu Security Notice 3439-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. Yusuke Endoh discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. Various other issues were also addressed.
8c6c4c94983dabc75dd50c50d1082bfaba6b7926affc9a8903806ee12dcbfb72
Slackware Security Advisory - New ruby packages are available for Slackware 14.2 and -current to fix security issues.
be1ba25794f035e28999574213d415357807edc5768e3d15dc3461a14570466f