[GLSA-201710-01] RubyGems: Multiple vulnerabilities
Severity: Normal
Affected Packages: 1
Unaffected Packages: 1
CVEs: 4
Multiple vulnerabilities were found in RubyGems, the worst of which allows execution of arbitrary code.
Background
RubyGems is a sophisticated package manager for Ruby.
Description
Multiple vulnerabilities have been discovered in RubyGems. Please review
the referenced CVE identifiers for details.
Impact
A remote attacker, by enticing a user to install a specially crafted
gem, could possibly execute arbitrary code with the privileges of the
process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All RubyGems users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/rubygems-2.6.13"
Package | Affected Version |
---|---|
pkg:ebuild/dev-ruby/rubygems?distro=gentoo | < 2.6.13 |
Package | Unaffected Version |
---|---|
pkg:ebuild/dev-ruby/rubygems?distro=gentoo | >= 2.6.13 |
- ID: GLSA-201710-01
- Severity: normal
- URL: https://security.gentoo.org/glsa/201710-01
- Published: 2017-10-08T00:00:00
- Modified: 2017-10-08T00:00:00
- Rights: Gentoo Foundation, Inc.
- Other Advisories:
- ALAS-2017-906
- ALAS-2017-915
- ALPINE:CVE-2017-0899
- ALPINE:CVE-2017-0900
- ALPINE:CVE-2017-0901
- ALPINE:CVE-2017-0902
- DSA-3966-1
- ELSA-2018-0378
- FEDORA-2017-20214ad330
- FEDORA-2017-81cf93b7c2
- FEDORA-2017-e136d63c99
- RHSA-2018:0378
- RUBYSEC:RUBYGEMS-UPDATE-2017-0899
- RUBYSEC:RUBYGEMS-UPDATE-2017-0900
- RUBYSEC:RUBYGEMS-UPDATE-2017-0901
- RUBYSEC:RUBYGEMS-UPDATE-2017-0902
- SSA:2017-261-03
- SUSE-SU-2020:1570-1
- USN-3439-1
- USN-3553-1
- USN-3685-1
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2017-0899 | CVE-2017-0899 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0899 |
CVE | CVE-2017-0900 | CVE-2017-0900 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0900 |
CVE | CVE-2017-0901 | CVE-2017-0901 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0901 |
CVE | CVE-2017-0902 | CVE-2017-0902 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0902 |
Bugzilla | 629230 | Bugzilla #629230 | https://bugs.gentoo.org/show_bug.cgi?id=629230 |