Bugs fixes in "ruby2.3"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2017-0903 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specificatio | 2018-01-31 |
| CVE | CVE-2017-0902 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to downlo | 2018-01-31 |
| CVE | CVE-2017-0901 | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on th | 2018-01-31 |
| CVE | CVE-2017-0903 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specificatio | 2018-01-31 |
| CVE | CVE-2017-0902 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to downlo | 2018-01-31 |
| CVE | CVE-2017-0901 | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on th | 2018-01-31 |
| CVE | CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to | 2018-01-12 |
| CVE | CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to | 2018-01-12 |
| CVE | CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using st | 2018-01-10 |
| CVE | CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of | 2018-01-10 |
| CVE | CVE-2017-10784 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject | 2018-01-10 |
| CVE | CVE-2017-17790 | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by | 2018-01-10 |
| CVE | CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using st | 2018-01-10 |
| CVE | CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of | 2018-01-10 |
| CVE | CVE-2017-10784 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject | 2018-01-10 |
| CVE | CVE-2017-17790 | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by | 2018-01-10 |
| CVE | CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using st | 2018-01-10 |
| CVE | CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of | 2018-01-10 |
| CVE | CVE-2017-10784 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject | 2018-01-10 |
| CVE | CVE-2017-17790 | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by | 2018-01-10 |
About
-
Send Feedback to @ubuntu_updates
