Commit f2b1c8c8 authored by Lev Lamberov

[SECURITY] [DSA 4259-1] ruby2.3 security update

parent 6d656e2a
<define-tag pagetitle>DSA-4259-1 ruby2.3</define-tag>
<define-tag report_date>2018-7-31</define-tag>
<define-tag secrefs>CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079</define-tag>
<define-tag packages>ruby2.3</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
</dl>
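Review bot: The closing `</dl>` on the last line of this data file has no opening `<dl>` anywhere in the file. If it is there to close a list opened by the `wml::debian::security` template pulled in on the line above it, a one-line comment saying so would keep a later editor from deleting it as a stray tag; if it does not pair with anything, it should be dropped.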
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may result in incorrect processing of HTTP/FTP,
directory traversal, command injection, unintended socket creation or
information disclosure.</p>
<p>This update also fixes several issues in RubyGems which could allow an
attacker to use specially crafted gem files to mount cross-site scripting
attacks, cause denial of service through an infinite loop, write arbitrary
files, or run malicious code.</p>
<p>For the stable distribution (stretch), these problems have been fixed in
version 2.3.3-1+deb9u3.</p>
<p>We recommend that you upgrade your ruby2.3 packages.</p>
<p>For the detailed security status of ruby2.3 please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/ruby2.3">\
https://security-tracker.debian.org/tracker/ruby2.3</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2018/dsa-4259.data"
# $Id: $
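Review bot: The two paragraphs inside `moreinfo` describe the impacts in two groups (interpreter issues and RubyGems issues) but never tie them to the fifteen ids listed in `secrefs`, so a reader triaging this advisory cannot tell which CVE carries the command injection or the arbitrary file write without leaving the page. Consider naming the relevant ids next to each group, or at least stating which of the ids are the RubyGems ones.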