Security: Multiple issues in Ruby (update)
Name: Multiple issues in Ruby (update)
ID: USN-3685-2
Distribution: Ubuntu
Platforms: Ubuntu 14.04 ESM
Date: Fri, 26 March 2021, 00:00
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784
Applications: Ruby
Update of: Multiple issues in Ruby

Original message
==========================================================================
Ubuntu Security Notice USN-3685-2
March 25, 2021

ruby2.0 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
USN-3685-1 introduced a regression in Ruby.
Software Description:
- ruby2.0: Object-oriented scripting language
Details:
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVEs were already addressed in previous USNs: 3439-1, 3553-1, 3528-1. Here we address them for the remaining releases.
It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. (CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files. An attacker could use this to possibly execute arbitrary code. (CVE-2017-0903)
It was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information. (CVE-2017-14064)
It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to inject a crafted key into an HTTP response. (CVE-2017-17742)
It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. This update is only addressed to ruby2.0. (CVE-2018-1000074)
It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to cause a denial of service. (CVE-2018-8777)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM:
  libruby2.0 2.0.0.484-1ubuntu2.13+esm1
  ruby2.0 2.0.0.484-1ubuntu2.13+esm1
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-3685-2
  https://ubuntu.com/security/notices/USN-3685-1
  CVE-2017-0903, https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174
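To check hosts against the update instructions above, the following added example (not part of the original notice or of any Ubuntu tooling) compares installed package versions with the fixed versions from the advisory, using a pure-Python implementation of Debian version ordering. The inventory text is a constructed sample, and the function names are chosen here for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions as listed in the advisory's update instructions.
FIXED = {
    "libruby2.0": "2.0.0.484-1ubuntu2.13+esm1",
    "ruby2.0": "2.0.0.484-1ubuntu2.13+esm1",
}

def _order(ch):
    """Debian sort weight: '~' before end of string, letters before symbols."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def deb_compare(v1, v2):
    """Return <0, 0 or >0 following Debian version ordering."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def outdated(inventory):
    """Return {package: installed_version} for packages below the fixed version."""
    found = dict(line.split() for line in inventory.splitlines() if line.strip())
    return {p: v for p, v in found.items()
            if p in FIXED and deb_compare(v, FIXED[p]) < 0}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = """\
libruby2.0 2.0.0.484-1ubuntu2.10
ruby2.0 2.0.0.484-1ubuntu2.13+esm1
example-pkg 1.2.3-1
"""

if __name__ == "__main__":
    print(outdated(SAMPLE))
```

A plain string comparison would misorder these versions; note in particular that a revision without the `+esm1` suffix sorts below the fixed one.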