UbuntuUpdates.org

Bugs fixes in "ruby2.3"

Origin Bug number Title Date fixed
CVE CVE-2017-14064 Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using st 2018-01-10
CVE CVE-2017-14033 The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of 2018-01-10
CVE CVE-2017-10784 The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject 2018-01-10
CVE CVE-2017-17790 The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by 2018-01-10
CVE CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to 2018-01-04
CVE CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to 2018-01-04
CVE CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to 2018-01-04
CVE CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to 2018-01-04
CVE CVE-2016-7798 The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo 2017-07-25
CVE CVE-2015-9096 Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF 2017-07-25
CVE CVE-2016-7798 The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo 2017-07-25
CVE CVE-2015-9096 Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF 2017-07-25
CVE CVE-2016-7798 The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo 2017-07-25
CVE CVE-2015-9096 Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF 2017-07-25
CVE CVE-2016-7798 The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo 2017-07-25
CVE CVE-2015-9096 Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF 2017-07-25
Launchpad 1556783 ruby2.3 test failures on s390x 2016-06-29
Launchpad 1589271 SRU: backport ruby 2.3.1 to 16.04 LTS 2016-06-29
Launchpad 1556783 ruby2.3 test failures on s390x 2016-06-29
Launchpad 1589271 SRU: backport ruby 2.3.1 to 16.04 LTS 2016-06-29



About   -   Send Feedback to @ubuntu_updates