[USN-3528-1] Ruby vulnerabilities
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Jan 10 15:00:37 UTC 2018
Ubuntu Security Notice USN-3528-1
January 10, 2018
ruby1.9.1, ruby2.3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Several security issues were fixed in Ruby.
- ruby2.3: Interpreter of object-oriented scripting language Ruby
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby
It was discovered that Ruby incorrectly handled certain terminal
emulator escape sequences. An attacker could use this to execute
arbitrary code via a crafted user name. This issue only affected Ubuntu
16.04 LTS and Ubuntu 17.10. (CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain strings.
An attacker could use this to cause a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033)
It was discovered that Ruby incorrectly handled generating JSON in some
cases. An attacker could use this to possibly expose sensitive information.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS:
Ubuntu 14.04 LTS:
In general, a standard system update will make all the necessary
CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17790