UbuntuUpdates.org

Package "ruby2.0"

Name: ruby2.0

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Ruby/Tk for Ruby 2.0

Latest version: 2.0.0.484-1ubuntu2.9
Release: trusty (14.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "ruby2.0": https://www.ubuntuupdates.org/ruby2.0



Other versions of "ruby2.0" in Trusty

Repository                            Area      Version
base                                  main      2.0.0.484-1ubuntu2
base                                  universe  2.0.0.484-1ubuntu2
security                              main      2.0.0.484-1ubuntu2.9
security                              universe  2.0.0.484-1ubuntu2.9
updates                               main      2.0.0.484-1ubuntu2.9
PPA: Brightbox Ruby NG Experimental             2.0.0.648-654bbox1~trusty1

Packages in group


ruby2.0-tcltk

Changelog

Version: 2.0.0.484-1ubuntu2.9 2018-04-16 21:07:18 UTC

  ruby2.0 (2.0.0.484-1ubuntu2.9) trusty-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/CVE-2018-6914.patch: fix in lib/tmpdir.rb,
      test/test_tempfile.rb.
    - CVE-2018-6914
  * SECURITY UPDATE: Buffer under-read
    - debian/patches/CVE-2018-8778.patch: fix in pack.c,
      test/ruby/test_pack.rb.
    - CVE-2018-8778
  * SECURITY UPDATE: Unintended socket
    - debian/patches/CVE-2018-8779.patch: fix in ext/socket/unixsocket.c,
      test/socket/test_unix.rb.
    - CVE-2018-8779
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-8780.patch: fix in dir.c,
      test/ruby/test_dir.rb.
    - CVE-2018-8780

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 16 Apr 2018 11:03:32 -0300

CVE-2018-6914 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open method
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.emp

Version: 2.0.0.484-1ubuntu2.8 2018-04-13 19:06:41 UTC

  ruby2.0 (2.0.0.484-1ubuntu2.8) trusty-security; urgency=medium

  * SECURITY REGRESSION: The fix for CVE-2018-1000074 was incomplete
    and will be addressed in a future update.

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 13 Apr 2018 10:37:58 -0300


Version: 2.0.0.484-1ubuntu2.6 2018-04-05 18:06:50 UTC

  ruby2.0 (2.0.0.484-1ubuntu2.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000073.patch: fix in
      lib/rubygems/package.rb.
    - CVE-2018-1000073
  * SECURITY UPDATE: Deserialization of untrusted data
    - debian/patches/CVE-2018-1000074.patch: fix in
      lib/rubygems/commands/owner_command.rb,
      test/rubygems/test_gem_commands_owner_command.rb.
    - CVE-2018-1000074
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-1000075.patch: fix in
      lib/rubygems/package/tar_header.rb,
      test/rubygems/test_gem_package_tar_header.rb.
    - CVE-2018-1000075
  * SECURITY UPDATE: Improper verification of crypto
    signature
    - debian/patches/CVE-2018-1000076.patch: fix in
      lib/rubygems/package.rb, lib/rubygems/package/tar_writer.rb,
      test/rubygems/test_gem_package.rb.
    - CVE-2018-1000076
  * SECURITY UPDATE: Validation vulnerability
    - debian/patches/CVE-2018-1000077.patch: fix in
      lib/rubygems/specification.rb,
      test/rubygems/test_gem_specification.rb.
    - CVE-2018-1000077
  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2018-1000078.patch: fix in
      lib/rubygems/server.rb.
    - CVE-2018-1000078
  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-1000079.patch: fix in
      lib/rubygems/package.rb, test/rubygems/test_gem_package.rb.
    - CVE-2018-1000079

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 03 Apr 2018 15:37:15 -0300


Version: 2.0.0.484-1ubuntu2.5 2018-01-04 18:06:24 UTC

  ruby2.0 (2.0.0.484-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: command injection through Net::FTP
    - debian/patches/CVE-2017-17405.patch: fix command injection
      in lib/net/ftp.rb, test/net/ftp/test_ftp.rb.
    - CVE-2017-17405

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 18 Dec 2017 15:53:12 -0300

CVE-2017-17405 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to

Version: 2.0.0.484-1ubuntu2.4 2017-07-25 19:06:48 UTC

  ruby2.0 (2.0.0.484-1ubuntu2.4) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect hostname matching
    - debian/patches/CVE-2015-1855.patch: implement stricter hostname
      validation per RFC 6125 in ext/openssl/lib/openssl/ssl.rb, added
      tests to test/openssl/test_ssl.rb.
    - CVE-2015-1855
  * SECURITY UPDATE: DoS and possible code execution in Fiddle::Handle
    - debian/patches/CVE-2015-7551.patch: check tainted string arguments in
      ext/fiddle/handle.c, added tests to test/fiddle/test_handle.rb.
    - CVE-2015-7551
  * SECURITY UPDATE: SMTP command injection
    - debian/patches/CVE-2015-9096.patch: don't allow bare CR or LF in
      lib/net/smtp.rb, added test to test/net/smtp/test_smtp.rb.
    - CVE-2015-9096
  * SECURITY UPDATE: type confusion in tcltkip
    - debian/patches/CVE-2016-2337.patch: check argument in
      ext/tk/tcltklib.c.
    - CVE-2016-2337
  * SECURITY UPDATE: heap overflow in Fiddle::Function.new
    - debian/patches/CVE-2016-2339.patch: check arguments in
      ext/fiddle/function.c.
    - CVE-2016-2339
  * SECURITY UPDATE: use of same initialization vector (IV)
    - debian/patches/CVE-2016-7798.patch: don't set dummy key in
      ext/openssl/ossl_cipher.c, added test to test/openssl/test_cipher.rb.
    - CVE-2016-7798
  * debian/rules: add note on enabling the full test suite
  * debian/patches/fix_tests.patch: fix some broken tests.

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2017 07:58:57 -0400

CVE-2015-1855 OpenSSL extension hostname matching implementation violates RFC 6125
CVE-2015-7551 The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple O
CVE-2015-9096 Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF
CVE-2016-2337 Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cau
CVE-2016-2339 An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "i
CVE-2016-7798 The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier fo


