drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Ruby
| Name: |
Zwei Probleme in Ruby |
|
| ID: |
USN-7256-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 20.04 LTS |
|
| Datum: |
Do, 6. Februar 2025, 16:05 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2024-39908
https://www.cve.org/CVERecord?id=CVE-2024-43398 |
|
| Applikationen: |
Ruby |
|
Originalnachricht |
--===============5684366604399481936==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="z54jzmvgis3jnidi"
Content-Disposition: inline
--z54jzmvgis3jnidi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-7256-1
February 06, 2025
ruby2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Ruby.
Software Description:
- ruby2.7: Object-oriented scripting language
Details:
It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libruby2.7 2.7.0-5ubuntu1.16
ruby2.7 2.7.0-5ubuntu1.16
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7256-1
CVE-2024-39908, CVE-2024-43398
Package Information:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.16
--z54jzmvgis3jnidi
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEEs16801xnF7wK3rCK7Ic6ztRocjwFAmekXEUACgkQ7Ic6ztRo
cjzcTQwAjWGZekMj+HJYsRNrkB74ifwrDYnJm5jBUoG+QAOKoWOKmlWwCok0Kzeb
13JvZzKXH11GuNLR8yfIRZ0qDVwhD8hDrIY1lfGnyb1FRmRUKvwrPkYg4c9OST1k
gESBVrzU1XwSBAHnrnN6f8xFvfbhEfDRYEOgkZ+m97wqfwc0cgbp2mOOR0nDZyXo
00lVEks1OnENvXUdfFaSAm1uS3Ub3BOvlRBdxupb778GucF0k26FXSALidwIi+Of
vIbFu3AN+G4fUUYpI7EvZh5GwfDD3gD2+DN3LV0ED3BbJtKCaxkHJTKa7/RP25TM
QUu7qEZS5bq262c5L++3EvlNOteNrhFbjlCXi+dCxbnYqWqWUv3JipUhG2TuxugY
GPGrNDxfcK44MeJx/nfiNQddtsZ6mU0ZKRjnCKOAZfQQDOo2Ik6k8mDm9U7rbxcn
A73DMIheaI4Z7Jd9mFaQSMDJsUvegu1b9uGnjr/AauXKfQa1kuKDwYrvNPkNXDWa
6c8uR9sg
=DSZx
-----END PGP SIGNATURE-----
--z54jzmvgis3jnidi--
--===============5684366604399481936==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============5684366604399481936==--
|
|
|
|
