|
|
Subscribe / Log in / New account

Ubuntu alert USN-7256-2 (ruby2.7)



From:
              Nishit Majithia <nishit.majithia@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7256-2] Ruby regression


Date:
              Thu, 13 Feb 2025 13:26:31 +0530


Message-ID:
              <assleqqdlr7b54hfts6fyirvvyk6i2ouzoabl3ckdraer3tnry@5fr4gc7hgs62>


==========================================================================
Ubuntu Security Notice USN-7256-2
February 13, 2025

ruby2.7 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-7256-1 caused some minor regressions in Ruby

Software Description:
- ruby2.7: Object-oriented scripting language

Details:

USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor
regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Ruby incorrectly handled parsing of an XML document
 that has specific XML characters in an attribute value using REXML gem. An
 attacker could use this issue to cause Ruby to crash, resulting in a
 denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libruby2.7                      2.7.0-5ubuntu1.17
  ruby2.7                         2.7.0-5ubuntu1.17

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7256-2
  https://ubuntu.com/security/notices/USN-7256-1
  https://launchpad.net/bugs/2097527

Package Information:
  https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubunt...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQGzBAABCgAdFiEEs16801xnF7wK3rCK7Ic6ztRocjwFAmetpaoACgkQ7Ic6ztRo
cjy7wAv8Dk7xic83niiwnsf5mble8rVGOubGXaOS3/Cucjs8LCkA0j3WJINNjDLg
9QcYtX0jmkTrxDPSXR0sSQE6ED1M5ua0zzoTseymsj+jkShWdz1gZeDZSunSkoLN
uC5WGQ7ngxXxV2qOjA0u1/F8S8u4caKnLfe60mqbDGx10ttQDJ+acKDhJ4X4Lw7v
JYwtvBYyRyC2ozRPs99EtXMsqUOS+XCtNNvq03SjYWzQP1hKsxDJBpP0r1to1LxQ
zP5viaBfhhgcreinjkhiNWTWxscAxC1vQTQfC+fD6v7brCCUi3esptfRSZZIl6cA
ItJuISttEk0ec7UAuwbglt2BNSvkjITlG0/rLi+T52+ftoKdmcKsHt0qowjPU+FC
H7Z/lCiKfsPfXrkPp9M2AmL+lgqd+98q/eNx2omKyr0FQcxXoST9eitIAH3WiDEH
qqcHEiaLQ3Ih6NimLJ13pq6WOK5pcytpbUukiH1rAG2XGvb0WShyV1poG5wuOMBy
343x/6UR
=qQPA
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds