Security: Multiple problems in Ruby
Name: Multiple problems in Ruby
ID: FEDORA-2017-e136d63c99
Distribution: Fedora
Platforms: Fedora 25
Date: Sat, 16 September 2017, 11:52
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901

Original message

--------------------------------------------------------------------------------

Fedora Update Notification

FEDORA-2017-e136d63c99

2017-09-15 19:28:03.391730

--------------------------------------------------------------------------------

Name        : ruby
Product     : Fedora 25
Version     : 2.3.4
Release     : 64.fc25
URL         : http://ruby-lang.org/
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

--------------------------------------------------------------------------------

Update Information:

* Fix ANSI escape sequence vulnerability (CVE-2017-0899).
* Fix DoS vulnerability in the query command (CVE-2017-0900).
* Fix a vulnerability in the gem installer that allowed a malicious gem to
  overwrite arbitrary files (CVE-2017-0901).
* Fix DNS request hijacking vulnerability (CVE-2017-0902).
* Fix arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).

--------------------------------------------------------------------------------


References:

  [ 1 ] Bug #1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
        https://bugzilla.redhat.com/show_bug.cgi?id=1487590
  [ 2 ] Bug #1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
        https://bugzilla.redhat.com/show_bug.cgi?id=1487588
  [ 3 ] Bug #1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
        https://bugzilla.redhat.com/show_bug.cgi?id=1487587
  [ 4 ] Bug #1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1487589
  [ 5 ] Bug #1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
        https://bugzilla.redhat.com/show_bug.cgi?id=1487552

--------------------------------------------------------------------------------




This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade ruby' at the command line.

For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
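
A quick way to confirm that a Fedora 25 host already carries the fixed build named in this notification (ruby-2.3.4-64.fc25) is to compare the installed version-release against it using rpm's own ordering rules. The script below is an added example, not part of the Fedora notification: it reimplements rpm's segment-wise comparison (leaving out rpm's '~' and '^' special cases) and assumes the ruby package has no epoch.

```python
import re
import subprocess

FIXED_EVR = "2.3.4-64.fc25"  # the fixed build from this advisory (no epoch)
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two rpm version/release strings like rpm's rpmvercmp(): -1, 0 or 1.
    Segments are runs of digits or letters, separators are ignored, numeric
    segments compare by value and beat alphabetic ones. rpm's '~' and '^'
    special cases are deliberately not handled here."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return -1 if len(x) < len(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1    # longer string is newer

def parse_evr(evr):
    """Split 'E:V-R' (epoch optional, default 0) into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return epoch, version, release

def evrcmp(a, b):
    """Compare epoch, then version, then release; the first difference decides."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        result = rpmvercmp(x, y)
        if result:
            return result
    return 0

def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed build is the fixed build or a newer one."""
    return evrcmp(installed_evr, fixed_evr) >= 0

if __name__ == "__main__":
    # Query the installed build; the epoch is omitted as Fedora's ruby has none.
    installed = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "ruby"],
                               capture_output=True, text=True, check=True).stdout.strip()
    print(installed, "patched" if is_patched(installed) else "NOT patched")
```

Run it on the host after `dnf upgrade ruby`; a build older than 2.3.4-64.fc25 is reported as NOT patched.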

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------