==========================================================================
Ubuntu Security Notice USN-3626-1
April 16, 2018

ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
– ruby2.3: Object-oriented scripting language
– ruby1.9.1: Object-oriented scripting language
– ruby2.0: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain inputs. An
attacker could possibly use this to execute arbitrary code.
(CVE-2018-6914)

It was discovered that Ruby incorrectly handled certain inputs. An
attacker could possibly use this to access sensitive information.
(CVE-2018-8778, CVE-2018-8780)

It was discovered that Ruby incorrectly handled certain inputs. An
attacker could possibly use this to connect to an unintended socket.
(CVE-2018-8779)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libruby2.3                      2.3.3-1ubuntu1.5
ruby2.3                         2.3.3-1ubuntu1.5

Ubuntu 16.04 LTS:
libruby2.3                      2.3.1-2~16.04.9
ruby2.3                         2.3.1-2~16.04.9

Ubuntu 14.04 LTS:
libruby1.9.1                    1.9.3.484-2ubuntu1.11
libruby2.0                      2.0.0.484-1ubuntu2.9
ruby1.9.1                       1.9.3.484-2ubuntu1.11
ruby1.9.3                       1.9.3.484-2ubuntu1.11
ruby2.0                         2.0.0.484-1ubuntu2.9

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3626-1
CVE-2018-6914, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780

Package Information:
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.3-1ubuntu1.5
https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.9
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.11
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.9—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJa1PD8AAoJEEW851uECx9pd3gP/0wIbVr1UQRtrTTZvZW027I0
4wp92zv5Xu9hjeD0wzfNNQVz69ScH2CMpLPw1SCX0T6t+FfHHmOi+d6AZbsCdDqw
M7FVcNkGa9ZPDPS283iLFk6VIKkZZ4rXYW2887Pxs1eT9YTaQZry5OllC6lkN9th
M/4ZrTiFCAiO3eaVuDjuskBDWNtfU3QTO4iG/yEIDGHFBWQuoOR9QQ30zAJ9ISl2
MFJD6lfmQYemqZQeQyaCp8Pe87h5qvPHmYQJXJIHxPK5D6cAP5wpF8jJeaJ9kznZ
ml+pMOiAGhWuep3q3+bQpJQwHz1vPEx5KrvMsH4aevb9Wh6EE0OdTEkfNmOCWkFd
SW4bdpJZt/YoXeUX/SWhNxz6XLsH9Qrn/vygbgHAeQMqcgck5EHj32uKvMHgLw6C
jk9o2vDQzflStLnuFpM7Z6fZQMXklAnnnuRL7cb9ERwfugHENSNMnaGZ6CmBut+z
N1z2WE7Rqn+y6eDcz+7/QLUWozUplFb39UYuno4ARswG0g1ILAz7M/Ai1nYJzN/R
k/6UHuK+4UdjyoDCBAb0vx//fW/KrbhWyOTRFGm3/EZ7ZswSQ0NhlbbITivVbLP/
55O70lRcPPYRjeNcbJO01rZw2rdwexKvjC7jMd3P5mOs3hglL7Emo7mwpzT48kcZ
L2eSApLCnUUqO0KVsirU
=UB0c
—–END PGP SIGNATURE—–
—