Debian alert DLA-1112-1 (rubygems)
| From: | Antoine Beaupré <anarcat@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1112-1] rubygems security update | |
| Date: | Tue, 26 Sep 2017 22:19:34 -0400 | |
| Message-ID: | <20170927021934.bnfjvqoilpqhf2vf@curie.anarc.at> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : rubygems Version : 1.8.24-1+deb7u1 CVE ID : CVE-2017-0900 CVE-2017-0901 Debian Bug : 873802 Some vulnerabilities were found in the Rubygems package that affects the LTS distribution. CVE-2017-0900 DOS vulernerability in the query command CVE-2017-0901 gem installer allows a malicious gem to overwrite arbitrary files For Debian 7 "Wheezy", these problems have been fixed in version 1.8.24-1+deb7u1. We recommend that you upgrade your rubygems packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjckBzmQUbASK1Q+7eSFSUnt1kh4FAlnKw3sACgkQeSFSUnt1 kh4T3A/8DH24Vj9yZCFpIGjt8ylJ1jvqtDvLThW2jgmwNaLgVbL3TVOyN8JSVOdP PlbFmX2a9YycjXTMRbCvS7a3h9gjWC/rQ1muISEKE1gbQp3GndfP360UJkl4GVZe v55La/AoSWXvd57gCBE6UJmVhGIQtkPIIXLaIA+fNcaeS1CxyV7HDr1YrfUf3ncc +WDmqqU1SvBCzDmtRgJ/ahQqpNzHeAPvmk4j8d0gRXnHAxTrHggJKLuFHfev/NZG Fmc9kAhAoDZV02rLiN20XQMoRMBL3Spe/w6zOA4gMRMSyrmlL8X5gqqv2SMWvWvf amkjHICNkmT7u+WDiYrieNz1nMWOQkq1yTqt2786IwSxm0L7JoUbdKc+aHRPnVcf 2zSKgEcku6guZoSdVWhKKxKeWLDLpRL5BipH7bvbrgvOH8rxiXV/PIrEZhqQKf9t GP44bqqZTwVo2IcJbooO97HDBjwQYIz1lmMAWURzDG1DFUUK/6HL+EWzy6P4+Jt3 paAN3yLukKbroUwMYm7U/UdtaSF9YMT5S8iQWq0degMWuvlf1uc3l2I/eUmYy2dl LjlaicYRDwe34vwqEFQD+9KV3oMvZKiFXUZzQPLXQrpu8Tg6UenZSId7WY8oxViq 6Rbr2RcWr79eiPXSkRmbSDwOwdYqmA6elZUEgOlr8w/rFoIRMBs= =k2wH -----END PGP SIGNATURE-----