Package "ruby2.0"
Name: |
ruby2.0
|
Description: |
Interpreter of object-oriented scripting language Ruby
|
Latest version: |
2.0.0.648-654bbox1~xenial1 |
Release: |
xenial (16.04) |
Level: |
base |
Repository: |
main |
Links
Download "ruby2.0"
Other versions of "ruby2.0" in Xenial
No other version of this package is available
in the Xenial release.
Packages in group
Deleted packages are displayed in grey.
Changelog
ruby2.0 (2.0.0.648-654bbox1~xenial1) xenial; urgency=medium
.
* Backported CVE-2017-17742: HTTP response splitting in
WEBrick
* Backported CVE-2018-6914: Unintentional file and directory
creation with directory traversal in tempfile and tmpdir
* Backported CVE-2018-8778: Buffer under-read in String#unpack
* Backported CVE-2018-8779: Unintentional socket creation by poisoned
NUL byte in UNIXServer and UNIXSocket
* Backported CVE-2018-8780: Unintentional directory traversal by
poisoned NUL byte in Dir
|
Source diff to previous version |
CVE-2017-17742 |
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attac |
CVE-2018-6914 |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5 |
CVE-2018-8778 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format ( |
CVE-2018-8779 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method |
CVE-2018-8780 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp |
|
ruby2.0 (2.0.0.648-653bbox1~xenial1) xenial; urgency=medium
.
* Backported fixes for CVE-2017-17405 Net::FTP
* Backported Unsafe Object Deserialization Vulnerability in RubyGems
|
Source diff to previous version |
CVE-2017-17405 |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to |
|
ruby2.0 (2.0.0.648-652bbox2~xenial1) xenial; urgency=medium
.
* Backported fixes for CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
* Backported rubygems fixes for CVE-2017-0902, CVE-2017-0899,
CVE-2017-0900 and CVE-2017-0901
|
Source diff to previous version |
ruby2.0 (2.0.0.648-2bbox1~xenial2) xenial; urgency=low
.
* Fix alternatives priority to match the other ruby pkgs
|
About
-
Send Feedback to @ubuntu_updates