Debian alert DLA-2027-1 (jruby)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 2027-1] jruby security update | |
| Date: | Tue, 10 Dec 2019 13:43:11 +0100 | |
| Message-ID: | <50af7a96-5eed-280b-11a9-b164b7c51c91@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jruby Version : 1.5.6-9+deb8u2 CVE ID : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Several security vulnerabilities were found in Ruby that also affected Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were able to call arbitrary Ruby methods, cause a denial-of-service or inject input into HTTP response headers when using the WEBrick module. For Debian 8 "Jessie", these problems have been fixed in version 1.5.6-9+deb8u2. We recommend that you upgrade your jruby packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3vkt9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQbOQ/9H3yEY3oZVYnQKZmwwB83vm5V0cLuyRBcNU8pQUz/t2TZkzaeg0UDkpE7 5C7hzjft/9W6HxKa45ZSGm3UE+tt1S5eOOxKyCT02+v7ac5KcdEji/u5HWefiWPZ 78utNgdSyZwzqgoMQG+9USSc/4RdYdSm7UR1g8xwH2qzyXhhsVezOyUlq5zr94eB IF0rsnXKijUv19uhHdhb24aR85V4Yo790tI+CTrq8pcIpHR3ktSylYimLWJeFN1k ExXjJs/RAiTR7cfHxjqlA1G4lPEsbcgtVtEZo0zvRLzGu5VPbi6WPRJEusMGej4W rOvg8/0nfBjGq2cKs7YrEKGNs+9Sr7gqKX2Pm1bL6vImBEkX9wWy/BRKwxrs4rGF w2gvltjLgAM8trVaVqgpT2TU/+cqoNxczeWbaX2KD501Gw80YbmE0ZYGeNMh+Viv mPXzTqL4xviD0EtB0J1Kh82fU7jRmiC11V4Dcbvr76W50pXltrf4wOWg97M0W7dq /yM1ZmtrgHtnLnAmui1tsEJcT6NepicwdPI7ZbQ8zF2Lp5QCbpGYp2EX0jn1+Rbk xzo63kchJHrxNy1th9yt+iJbDTIz58GRVm3ggCVXWI7KQWnhZ0mIZaQibC68LoKD vWXBKxgCwjo+tp92l/mA+TGx2SLAwGjG5eIuvUkomrsbed2SFVc= =PG2z -----END PGP SIGNATURE-----