Mehrere Probleme in Ruby
ID: | DSA-3966-1 |
Distribution: | Debian |
Plattformen: | Debian stretch |
Datum: | Mi, 6. September 2017, 08:12 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902 |
Applikationen: | Ruby |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3966-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby2.3 CVE ID : CVE-2015-9096 CVE-2016-7798 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-14064 Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2015-9096 SMTP command injection in Net::SMTP. CVE-2016-7798 Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension. CVE-2017-0900 Denial of service in the RubyGems client. CVE-2017-0901 Potential file overwrite in the RubyGems client. CVE-2017-0902 DNS hijacking in the RubyGems client. CVE-2017-14064 Heap memory disclosure in the JSON library. For the stable distribution (stretch), these problems have been fixed in version 2.3.3-1+deb9u1. This update also hardens RubyGems against malicious termonal escape sequences (CVE-2017-0899). We recommend that you upgrade your ruby2.3 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlmvBdcACgkQEMKTtsN8 TjZ4lA/+OnJv4dBBAoaGZkDusm2OtBRUZTjH19i1CqwrP6BrSt7tlGXRx9y9rSES uwLYy0C6CIFpsubUUwtM0bUksDO9/uQ2oqzIXj+iSkkRmZPeqLtrYYyhRLbvmUyL LSYYAcZ4olk61XffsRC+lfmSINQ1CgFo1W6HuCdPAaitsXXSCKqdI1IBFoXCH0KQ lwQzD3lQaldqq4aqJTk8Lp4ubx4ZZfJtq7V7BLayUTpsvaqarbkpSneCUMY8/GBP 4TvGFXW8cco1DneG4EpaKuIvo8RVr5QbnBu/a9egBX/qseCkn37d951PFS8HyMWN APmRssNzKkeXzUCAKwJ5scXQnCILW3KNkQlaX1Tc+wV+FET6EHK9puAaEqJGpLDT hkO0RenljeyJaQdkYhs53F6gOpL+wYNgMi7J2at/pOA/UEfs7UTREntFE69a4KLo 3N5FrXNlo9CpLCUHcvw230gF5dRIa7vqdE+abZewl4UTULJ5cE+NmEm+0dUJi0AD Nf/T7+L7k0XsGhCQR9YtbLJQPzxArKfzVmInKOJZupO9IDWWG0o1cGVeDDkbNzya 8b9fgNl7WhS0bwl7cilx1sbnPq4QF+tCnldXOqVjzfmEIaKH7NfMSHdedW1z3Erf n5lSEM+bMaCR5CJFlB57v1ur8wPmB1jSJUKuhfLFNQCIfqYEuPI= =2Vkr -----END PGP SIGNATURE----- |