Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Ruby
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Ruby
ID: USN-5020-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04, Ubuntu 16.04 ESM
Datum: Mi, 21. Juli 2021, 22:47
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
Applikationen: Ruby

Originalnachricht


--===============1664345108185716540==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="HcAYCG3uE/tztfnV"
Content-Disposition: inline


--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5020-1
July 21, 2021

ruby2.3, ruby2.5, ruby2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby2.7: Object-oriented scripting language
- ruby2.5: Object-oriented scripting language
- ruby2.3: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31799)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to conduct
port scans and service banner extractions. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04.
(CVE-2021-31810)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to perform
man-in-the-middle attackers to bypass the TLS protection.
(CVE-2021-32066)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
libruby2.7 2.7.2-4ubuntu1.2
ruby2.7 2.7.2-4ubuntu1.2

Ubuntu 20.10:
libruby2.7 2.7.1-3ubuntu1.4
ruby2.7 2.7.1-3ubuntu1.4

Ubuntu 20.04 LTS:
libruby2.7 2.7.0-5ubuntu1.5
ruby2.7 2.7.0-5ubuntu1.5

Ubuntu 18.04 LTS:
libruby2.5 2.5.1-1ubuntu1.10
ruby2.5 2.5.1-1ubuntu1.10

Ubuntu 16.04 ESM:
libruby2.3 2.3.1-2~ubuntu16.04.16+esm1
ruby2.3 2.3.1-2~ubuntu16.04.16+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5020-1
CVE-2021-31799, CVE-2021-31810, CVE-2021-32066

Package Information:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.2-4ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.1-3ubuntu1.4
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.5
https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.10

--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmD4QxcACgkQRbznW4QL
H2lnow//ZbEmsWPx8Vq7yjsLAJVdIGj9AQRw9M+uxhEZSsrH+5/3ZUX6EOJ+r2HQ
SNPEXZexGAcVMY0uvLfN2p70K0N5iADTgdCDgO/mf3CGUEpqX4mKznGtE7TleKoU
wjeez4MI1rxf2BrT41aeJzYvnXxVmSFGBjI1zS757oWANeUJ8XP6Aegv81xPwZzG
fHsIVx/jPG5gKPxBkhjyvXM7zZf6SDZyT1FGH2b2fSPUiZRzkyoWClarAyCoXBpR
jUZbDXSMEDKw/FQB5eKg1zmrYPU1gLlzBCG2it9Z2uJCIC/0GyD62BZrX0Rw8ZwV
d9Rf3Fjfp2eLKAM/Q9lADnjuYgMfZCjcZvrL5IIwYUNmPJg+IlxzbI/SlTVbE5rc
tKDVg0T8PSdsqcca61qcXpTRfL1K3nMeGD1fMdwLw/347NVtvjjzrk9ZiHxeX+Cq
VICgJ8pYHdORo5mtCg+eRZ05yCTn4qllB21CAVZDy+PZIhrU8i5+DYfCOdGiodF9
hhzsc1f7r3tMuEqgiQCjlcOjfbwgmDH5AGh4d+KkE6nYYAGcWR6dY5AHOgwcdfEK
VBdaNcwYb4/HBrnK3RAahZFy8z30SVP5h+/ZQaI9vQG9pH8x+OJK7gZESfbEnqfQ
2Kchv5FzT3e9jimSEAR45qmCFXasfCc5W/WDsnlDArlSbngBco0=
=K9Q0
-----END PGP SIGNATURE-----

--HcAYCG3uE/tztfnV--


--===============1664345108185716540==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung