[FEDORA-2017-e136d63c99] Fedora 25: ruby
Severity
Critical
Affected Packages
1
CVEs
5
- Fix ANSI escape sequence vulnerability (CVE-2017-0899). * Fix DoS vulnerability in the query command (CVE-2017-0900). * Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901). * Fix DNS request hijacking vulnerability (CVE-2017-0902). * Fix arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/ruby?distro=fedora-25
|
< 2.3.4.64.fc25 |
- ID
- FEDORA-2017-e136d63c99
- Severity
- critical
- Severity from
- CVE-2017-0899
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2017-e136d63c99
- Published
-
2017-09-16T03:24:34
(7 years ago) - Modified
-
2017-09-16T03:24:34
(7 years ago) - Rights
- Copyright 2017 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2017-906
-
ALAS-2017-915
-
ALPINE:CVE-2017-0899
-
ALPINE:CVE-2017-0900
-
ALPINE:CVE-2017-0901
-
ALPINE:CVE-2017-0902
-
ALPINE:CVE-2017-14064
-
DSA-3966-1
-
ELSA-2018-0378
-
FEDORA-2017-20214ad330
-
FEDORA-2017-81cf93b7c2
-
FREEBSD:95B01379-9D52-11E7-A25C-471BAFC3262F
-
GLSA-201710-01
-
GLSA-201710-18
-
RHSA-2018:0378
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0899
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0900
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0901
-
RUBYSEC:RUBYGEMS-UPDATE-2017-0902
-
SSA:2017-261-03
-
SUSE-SU-2020:1570-1
-
USN-3439-1
-
USN-3528-1
-
USN-3553-1
-
USN-3685-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1487552 | Bug #1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call |
|
| Bugzilla | 1487588 | Bug #1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec |
|
| Bugzilla | 1487589 | Bug #1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability |
|
| Bugzilla | 1487587 | Bug #1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name |
|
| Bugzilla | 1487590 | Bug #1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/ruby?distro=fedora-25 | fedora |
ruby
|
< 2.3.4.64.fc25 | fedora-25 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |