You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ruby

Sigurnosni nedostaci programskog paketa ruby

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3808-1
November 05, 2018

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
– ruby2.5: Interpreter of object-oriented scripting language Ruby
– ruby2.3: Object-oriented scripting language
– ruby1.9.1: Object-oriented scripting language
– ruby2.0: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain X.509
certificates. An attacker could possibly use this issue to
bypass the certificate check. (CVE-2018-16395)

It was discovered that Ruby incorrectly handled certain
inputs. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2018-16396)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libruby2.5                      2.5.1-5ubuntu4.1
  ruby2.5                         2.5.1-5ubuntu4.1

Ubuntu 18.04 LTS:
  libruby2.5                      2.5.1-1ubuntu1.1
  ruby2.5                         2.5.1-1ubuntu1.1

Ubuntu 16.04 LTS:
  libruby2.3                      2.3.1-2~16.04.11
  ruby2.3                         2.3.1-2~16.04.11

Ubuntu 14.04 LTS:
  libruby1.9.1                    1.9.3.484-2ubuntu1.13
  libruby2.0                      2.0.0.484-1ubuntu2.11
  ruby1.9.1                       1.9.3.484-2ubuntu1.13
  ruby1.9.3                       1.9.3.484-2ubuntu1.13
  ruby2.0                         2.0.0.484-1ubuntu2.11

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3808-1
  CVE-2018-16395, CVE-2018-16396

Package Information:
  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-5ubuntu4.1
  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.11
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.13
  https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.11—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJb4NMBAAoJEEW851uECx9ppzoQAJ6Uor2Lq6oq1WKtvhl/yuUo
eFYjtKZoRPYLN883kpkOCWbC0n++opK6jII3pCdVYuFoNhTrwXylw6Lv/5ClyvGH
zySB7TZwcQdiQwbvp00t+Hny5NMWRoCHGFvgM09+XI4VRLaHrJerIqq9CqnG3+of
KJBv+1HUtBs9g6lCdZ1dKiQSZ896/wKjd61GihvPJIG9kUdYniNCKuhB6OI5pWDB
cyThnvq6j3cpKFJtEbvOfhosTNmr7vkG22g3xM7F5VShtS2meN6twYMqbs8sjvY+
iRxfb9eIwByvxc9Cn4MSNqoJaC9186vmUFrqfWCH1vaGePQDm0mr5id2SNd/kGFt
YtBvtMZzbbQgq9BRwptZ3S/rNjQFKZDxoKNtEzhkoQhevBe/5ga3wHfF2IzRj/pN
LwrmTf99QrYTCO5UolxQt1XvIwlpIzNRfLCagt3PyznBFNkUIX4sVIWYU+bZofr5
mJ3MR4+GfGsXw2NhCcWvhddiWEZXo8y2QRpiBAnYT1HSHsdgfXCvccbktts84SUd
0Bl/KoAde+VbVMJxlljW4UWXxZv+YwlPVb8zs/VL0dQQQiYbLyTRvY4kWGoGQbOE
JwupNZaRpEqOWPySauDHd8GhPoi/L1M5Vn9/lCvjWE9voCXUAoiuVT1axP7rusm9
m/x5El3RBZH3XpMwtruT
=UOdi
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ansible

Otkriven je sigurnosni nedostatak u programskom paketu ansible za operacijski sustav Red Hat. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih...

Close