<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==============================<wbr>==============================<wbr>==============<br>
</p>
<div id="m_2459192197258752390m_6295755532737553021:1cg"> Ubuntu
Security Notice USN-5806-1<br>
January 17, 2023<br>
<br>
ruby2.3 vulnerability<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 16.04 ESM<br>
<br>
Summary:<br>
<br>
Ruby could allow for internet traffic to be modified if<br>
a vulnerable application processed malicious user input.<br>
<br>
Software Description:<br>
- ruby2.3: Object-oriented scripting language<br>
<br>
Details:<br>
<br>
Hiroshi Tokumaru discovered that Ruby did not properly handle
certain<br>
user input for applications which generate HTTP responses using
cgi gem.<br>
An attacker could possibly use this issue to maliciously modify
the<br>
response a user would receive from a vulnerable application.<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 16.04 ESM:<br>
libruby2.3 2.3.1-2~ubuntu16.04.16+esm4<br>
ruby2.3 2.3.1-2~ubuntu16.04.16+esm4<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-5806-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5806-1&source=gmail&ust=1674059316352000&usg=AOvVaw16VkKID3C-zEkkzoietxJL">https://ubuntu.com/security/no<wbr>tices/USN-5806-1</a><br>
CVE-2021-33621</div>
<p></p>
</body>
</html>