Bugs fixes in "ruby2.3"
Origin | Bug number | Title | Date fixed |
---|---|---|---|
CVE | CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using st | 2018-01-10 |
CVE | CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of | 2018-01-10 |
CVE | CVE-2017-10784 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject | 2018-01-10 |
CVE | CVE-2017-17790 | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by | 2018-01-10 |
CVE | CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to | 2018-01-04 |
CVE | CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to | 2018-01-04 |
CVE | CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to | 2018-01-04 |
CVE | CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to | 2018-01-04 |
CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
CVE | CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo | 2017-07-25 |
CVE | CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF | 2017-07-25 |
Launchpad | 1556783 | ruby2.3 test failures on s390x | 2016-06-29 |
Launchpad | 1589271 | SRU: backport ruby 2.3.1 to 16.04 LTS | 2016-06-29 |
Launchpad | 1556783 | ruby2.3 test failures on s390x | 2016-06-29 |
Launchpad | 1589271 | SRU: backport ruby 2.3.1 to 16.04 LTS | 2016-06-29 |
About
-
Send Feedback to @ubuntu_updates