Updated ruby packages fix security vulnerabilities
Publication date: 20 Aug 2017Modification date: 20 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2015-9096 , CVE-2016-2337 , CVE-2016-2339
Description
It was discovered that Ruby Net::SMTP incorrectly handled CRLF
sequences. A remote attacker could possibly use this issue to inject
SMTP commands. (CVE-2015-9096)
Marcin Noga discovered that Ruby incorrectly handled certain arguments
in a TclTkIp class method. An attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2337)
It was discovered that Ruby Fiddle::Function.new incorrectly handled
certain arguments. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2339)
References
- https://bugs.mageia.org/show_bug.cgi?id=20625
- https://usn.ubuntu.com/usn/usn-3365-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2337
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2339
SRPMS
5/core
- ruby-2.0.0.p648-1.4.mga5
6/core
- ruby-2.2.7-1.mga6