You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ruby

Sigurnosni nedostaci programskog paketa ruby

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3945-1
April 11, 2019

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
– ruby2.5: Interpreter of object-oriented scripting language Ruby
– ruby2.3: Object-oriented scripting language
– ruby1.9.1: Object-oriented scripting language
– ruby2.0: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled certain RubyGems.
An attacker could possibly use this issue to execute arbitrary
commands. (CVE-2019-8320)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libruby2.5                      2.5.1-5ubuntu4.3
  ruby2.5                         2.5.1-5ubuntu4.3

Ubuntu 18.04 LTS:
  libruby2.5                      2.5.1-1ubuntu1.2
  ruby2.5                         2.5.1-1ubuntu1.2

Ubuntu 16.04 LTS:
  libruby2.3                      2.3.1-2~16.04.12
  ruby2.3                         2.3.1-2~16.04.12

Ubuntu 14.04 LTS:
  libruby1.9.1                    1.9.3.484-2ubuntu1.14
  libruby2.0                      2.0.0.484-1ubuntu2.13
  ruby1.9.1                       1.9.3.484-2ubuntu1.14
  ruby1.9.3                       1.9.3.484-2ubuntu1.14
  ruby2.0                         2.0.0.484-1ubuntu2.13

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3945-1
  CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323,
  CVE-2019-8324, CVE-2019-8325

Package Information:
  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-5ubuntu4.3
  https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~16.04.12
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.14
  https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.13—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcr1GlAAoJEEW851uECx9pH60P/19qsD/az+g/AbqJtdlSdeSQ
z6DRJiCCpnqXuTg5Vx0y9Id4PZqa9Kivw6bHdszfWAfV3Sz3NlJQGixhweNe68va
Jf2EpbeaoIiO6fEbcvP2QRovlyEduGqakVHH9p9PkuVCyo8G1rK/OuBgAf0X/B8t
tJykmjkNz7zbWNBSssoMd4yWdYGWoF/Rm+/WgCDqCh4KxmAWyDKlJsO7wsxkG9B6
bqmcAAoiUIgZbNHRs0EuCHoc4MstEX/nKZr5tTIJj/1ajyobDe6EO+Vpa+1YJvGt
PzGCzs8j+EkmCl7Uv2BgyOARowwBphzzAbS2O5YO+bDZ1Ni/vWZmEWQm0lqwI/VS
BqaFybNlf8BTRYPY0EQq6DQvXi82lnJr+UpAiap93Otp+FFoWLlbrG/8H3406G3+
MOfzXsVPOoNfXFHG34aqsPCzRel9kWV2+j6giMqmvHYiOCZRQ83k5PuX8nf/4UT6
GM3KqPEAYxlJRmQZRnqlZAx0fRY/A9o/oMXKOAqtabCiri1AdAz97rBzBoO5jvRk
4ZNb/ITDsmELbsNYV1i8ZSHiW/zkwLul2+EOr2q3cu5fbY4RoBYamXnphd08PPiE
ho947qSTm8xTBFfPAT41hNes9s/7JXB39KGR+AvrFq98u2AdgIFUmoX34Q1UFfVP
+MulamLNctD7Tv/54LC+
=6oW9
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-04-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa rssh

Otkriveni su sigurnosni nedostaci u programskom paketu rssh za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnih naredbi...

Close