Debian alert DLA-1114-1 (ruby1.9.1)
| From: | Antoine Beaupré <anarcat@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 1114-1] ruby1.9.1 security update |
| Date: | Tue, 26 Sep 2017 17:16:53 -0400 |
| Message-ID: | <20170926211653.6einsrut3xnligb6@curie.anarc.at> |

Package        : ruby1.9.1
Version        : 1.9.3.194-8.1+deb7u6
CVE ID         : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901
                 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064
Debian Bug     : 873802 873906 875928 875931 875936

Multiple vulnerabilities were discovered in the Ruby 1.9 interpreter.

CVE-2017-0898

    Buffer underrun vulnerability in Kernel.sprintf

CVE-2017-0899

    ANSI escape sequence vulnerability

CVE-2017-0900

    DoS vulnerability in the query command

CVE-2017-0901

    gem installer allows a malicious gem to overwrite arbitrary files

CVE-2017-10784

    Escape sequence injection vulnerability in the Basic
    authentication of WEBrick

CVE-2017-14033

    Buffer underrun vulnerability in OpenSSL ASN1 decode

CVE-2017-14064

    Heap exposure vulnerability in generating JSON

For Debian 7 "Wheezy", these problems have been fixed in version
1.9.3.194-8.1+deb7u6.

We recommend that you upgrade your ruby1.9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
