Bugs fixes in "ruby1.9.1"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2017-0901 | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on th | 2017-10-05 |
| CVE | CVE-2017-0900 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clie | 2017-10-05 |
| CVE | CVE-2017-0899 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem | 2017-10-05 |
| CVE | CVE-2017-0898 | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such | 2017-10-05 |
| CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
| CVE | CVE-2016-2339 | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "i | 2017-07-25 |
| CVE | CVE-2016-2337 | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cau | 2017-07-25 |
| CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
| CVE | CVE-2015-1855 | OpenSSL extension hostname matching implementation violates RFC 6125 | 2017-07-25 |
| CVE | CVE-2009-5147 | DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | 2017-07-25 |
| CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
| CVE | CVE-2016-2339 | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "i | 2017-07-25 |
| CVE | CVE-2016-2337 | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cau | 2017-07-25 |
| CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
| CVE | CVE-2015-1855 | OpenSSL extension hostname matching implementation violates RFC 6125 | 2017-07-25 |
| CVE | CVE-2009-5147 | DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | 2017-07-25 |
| CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
| CVE | CVE-2016-2339 | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "i | 2017-07-25 |
| CVE | CVE-2016-2337 | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cau | 2017-07-25 |
| CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
About
-
Send Feedback to @ubuntu_updates
