Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Ruby
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Ruby
ID: USN-5462-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10, Ubuntu 22.04 LTS
Datum: Di, 7. Juni 2022, 06:44
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
Applikationen: Ruby

Originalnachricht


--===============3601382268978042573==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="cWoXeonUoKmBZSoM"
Content-Disposition: inline


--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5462-1
June 06, 2022

ruby2.5, ruby2.7, ruby3.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby3.0: Interpreter of object-oriented scripting language Ruby
- ruby2.7: Object-oriented scripting language
- ruby2.5: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-28739)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libruby3.0 3.0.2-7ubuntu2.1
ruby3.0 3.0.2-7ubuntu2.1

Ubuntu 21.10:
libruby2.7 2.7.4-1ubuntu3.2
ruby2.7 2.7.4-1ubuntu3.2

Ubuntu 20.04 LTS:
libruby2.7 2.7.0-5ubuntu1.7
ruby2.7 2.7.0-5ubuntu1.7

Ubuntu 18.04 LTS:
libruby2.5 2.5.1-1ubuntu1.12
ruby2.5 2.5.1-1ubuntu1.12

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5462-1
CVE-2022-28738, CVE-2022-28739

Package Information:
https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.1
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.2
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.7
https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.12

--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmKeX1cACgkQRbznW4QL
H2k36A//RX0Ev+LRRYQrKjpMJZyQ9pVHU8DW9IsFlCiRYN7wWWkl5cFG7GGEa7KR
05BM6rPNuMsYtn3jb2MX8uXsFYFeEyKGkbyyrC5uthukMIOibeyiXiX/zBi2T5Vd
ECuvNA8YyIwK6i3fskxhDLD/LBvyTtGwIEiRTaQCDCcEz4rMDqzge9dx6L5mmTEh
K6vYpDiSLy1d4OQ4mzRrReE/oKVNsq5MTV8TeStCtEAUQEwUVZsBFuAFhhdwXBzv
DlOsYXrI+KKnf/f1Hitb44hPfFRWy7YLHtVI2km2pCgox+eQQM48nkD+ADHPprMc
MUmdxDfq6jfdCsBW1idVeqvmFiKzJzu6NZTJqPbk5k35bRxczpEEtR5FqEbNS1Vg
x97v7h6uZ/kle4eMNFbsHSSwr8BwLZBwgzs7IpmUY7RLT2Nl0xMDZL8I3dd8m/Qq
DhbMd8B/SJ1TSjsk4PHh9jmFidqnOxCzb4WkIBisx5OKrnz18Nj1WNA9tlFeVJsn
W5lRc5N9hJZ4AT0WYd2l+gPBleKFtO1Jy9e23ljDFr3a+cvi4EaPxOFW1G6zpa7E
neh0xt+SRc/VMTAwJIcz9kvaYiEzatH1wJ6TRzm7IJx37uUAnNKOPUNE/dOLaBXP
yR1bIvWMxn95ZjCjsN+RBJ/vC5YUOfeIldO0oiSBZMgU8lh88RA=
=4EaW
-----END PGP SIGNATURE-----

--cWoXeonUoKmBZSoM--


--===============3601382268978042573==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--===============3601382268978042573==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung