Fedora Update Notification

FEDORA-2017-e136d63c99

2017-09-15 19:28:03.391730

Name : ruby

Product : Fedora 25

Version : 2.3.4

Release : 64.fc25

URL : http://ruby-lang.org/

Summary : An interpreter of object-oriented scripting language

Description :

Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.



Update Information:



* Fix ANSI escape sequence vulnerability (CVE-2017-0899).
* Fix DoS vulnerability in the query command (CVE-2017-0900).
* Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901).
* Fix DNS request hijacking vulnerability (CVE-2017-0902).
* Fix arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).

References:



[ 1 ] Bug #1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
https://bugzilla.redhat.com/show_bug.cgi?id=1487590

[ 2 ] Bug #1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
https://bugzilla.redhat.com/show_bug.cgi?id=1487588

[ 3 ] Bug #1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
https://bugzilla.redhat.com/show_bug.cgi?id=1487587

[ 4 ] Bug #1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1487589

[ 5 ] Bug #1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
https://bugzilla.redhat.com/show_bug.cgi?id=1487552

