[FEDORA-2017-e136d63c99] Fedora 25: ruby
Severity: Critical
Affected Packages: 1
CVEs: 5
- Fix ANSI escape sequence vulnerability (CVE-2017-0899).
- Fix DoS vulnerability in the query command (CVE-2017-0900).
- Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901).
- Fix DNS request hijacking vulnerability (CVE-2017-0902).
- Fix arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
Package | Affected Version |
---|---|
pkg:rpm/fedora/ruby?distro=fedora-25 | < 2.3.4.64.fc25 |
- ID: FEDORA-2017-e136d63c99
- Severity: critical
- Severity from: CVE-2017-0899
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e136d63c99
- Published: 2017-09-16T03:24:34
- Modified: 2017-09-16T03:24:34
- Rights: Copyright 2017 Red Hat, Inc.

Other Advisories:
- ALAS-2017-906
- ALAS-2017-915
- ALPINE:CVE-2017-0899
- ALPINE:CVE-2017-0900
- ALPINE:CVE-2017-0901
- ALPINE:CVE-2017-0902
- ALPINE:CVE-2017-14064
- DSA-3966-1
- ELSA-2018-0378
- FEDORA-2017-20214ad330
- FEDORA-2017-81cf93b7c2
- FREEBSD:95B01379-9D52-11E7-A25C-471BAFC3262F
- GLSA-201710-01
- GLSA-201710-18
- RHSA-2018:0378
- RUBYSEC:RUBYGEMS-UPDATE-2017-0899
- RUBYSEC:RUBYGEMS-UPDATE-2017-0900
- RUBYSEC:RUBYGEMS-UPDATE-2017-0901
- RUBYSEC:RUBYGEMS-UPDATE-2017-0902
- SSA:2017-261-03
- SUSE-SU-2020:1570-1
- USN-3439-1
- USN-3528-1
- USN-3553-1
- USN-3685-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1487552 | Bug #1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call | https://bugzilla.redhat.com/show_bug.cgi?id=1487552 |
Bugzilla | 1487588 | Bug #1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec | https://bugzilla.redhat.com/show_bug.cgi?id=1487588 |
Bugzilla | 1487589 | Bug #1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability | https://bugzilla.redhat.com/show_bug.cgi?id=1487589 |
Bugzilla | 1487587 | Bug #1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name | https://bugzilla.redhat.com/show_bug.cgi?id=1487587 |
Bugzilla | 1487590 | Bug #1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec | https://bugzilla.redhat.com/show_bug.cgi?id=1487590 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/ruby?distro=fedora-25 | fedora | ruby | < 2.3.4.64.fc25 | fedora-25 | | |