OVAL

DSA-4259-1 ruby2.3 -- ruby2.3

ID: oval:org.secpod.oval:def:603472
Date: (C)2018-08-07   (M)2024-01-29
Class: PATCH
Family: unix




Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.

Platform:
Debian 9.x
Product:
libruby2.3
ruby2.3
Reference:
DSA-4259-1
CVE-2017-17405
CVE-2017-17742
CVE-2017-17790
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
CVE-2018-1000073
CVE-2018-1000074
CVE-2018-1000075
CVE-2018-1000076
CVE-2018-1000077
CVE-2018-1000078
CVE-2018-1000079
CPE    5
cpe:/o:debian:debian_linux:9.0
cpe:/a:ruby-lang:ruby2.3
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
...

© SecPod Technologies