You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ruby

Sigurnosni nedostaci programskog paketa ruby

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2017-09-15 19:28:03.391730

Name : ruby
Product : Fedora 25
Version : 2.3.4
Release : 64.fc25
Summary : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

Update Information:

* Fix ANSI escape sequence vulnerability (CVE-2017-0899). * Fix DoS
vulnerability in the query command (CVE-2017-0900). * Fix a vulnerability in the
gem installer that allowed a malicious gem to overwrite arbitrary files
(CVE-2017-0901). * Fix DNS request hijacking vulnerability (CVE-2017-0902). *
Fix arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).

[ 1 ] Bug #1487590 – CVE-2017-0899 rubygems: Escape sequence in the “summary” field of gemspec
[ 2 ] Bug #1487588 – CVE-2017-0900 rubygems: No size limit in summary length of gem spec
[ 3 ] Bug #1487587 – CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
[ 4 ] Bug #1487589 – CVE-2017-0902 rubygems: DNS hijacking vulnerability
[ 5 ] Bug #1487552 – CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade ruby’ at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-09-0112-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa gdm

Otkriven je sigurnosni nedostatak u programskom paketu gdm za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....