[GLSA-201710-01] RubyGems: Multiple vulnerabilities

Severity Normal
Affected Packages 1
Unaffected Packages 1
CVEs 4

Multiple vulnerabilities were found in RubyGems, the worst of which allows execution of arbitrary code.

Background
RubyGems is a sophisticated package manager for Ruby.

Description
Multiple vulnerabilities have been discovered in RubyGems. Please review
the referenced CVE identifiers for details.

Impact
A remote attacker, by enticing a user to install a specially crafted
gem, could possibly execute arbitrary code with the privileges of the
process or cause a Denial of Service condition.

Workaround
There is no known workaround at this time.

Resolution
All RubyGems users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/rubygems-2.6.13"
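The advisory names the fixed version but gives no way to confirm where a host stands. The POSIX shell script below is an added example, not part of the GLSA or of Gentoo's tooling: it compares an installed RubyGems version string against 2.6.13 with a numeric, component-wise comparison (a plain string compare would wrongly rank 2.6.9 above 2.6.13). The function names version_lt and rubygems_vulnerable, the use of `gem --version` for the live check, and the stripping of a Gentoo-style -rN revision suffix are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the GLSA): report whether a RubyGems version is
# below the fixed version named in GLSA-201710-01.
FIXED_VERSION="2.6.13"

# version_lt A B: return 0 (true) if dotted version A is numerically lower
# than B, comparing one component at a time; a missing component counts as 0,
# so "2.6" sorts before "2.6.13". Only numeric components are handled.
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ -z "$ai" ] && ai=0
    [ -z "$bi" ] && bi=0
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 1   # equal versions are not "less than"
}

# rubygems_vulnerable VERSION: return 0 if VERSION is below FIXED_VERSION.
# A Gentoo ebuild revision (-r1) or _pN suffix is dropped first, so both
# "gem --version" output and portage-style strings can be passed in.
rubygems_vulnerable() {
  v="${1%%-*}"
  v="${v%%_*}"
  version_lt "$v" "$FIXED_VERSION"
}

# Live check, guarded so the script still runs where gem is not installed.
if command -v gem >/dev/null 2>&1; then
  installed=$(gem --version)
  if rubygems_vulnerable "$installed"; then
    echo "RubyGems $installed is below $FIXED_VERSION: affected by GLSA-201710-01"
  else
    echo "RubyGems $installed is $FIXED_VERSION or newer: not affected"
  fi
else
  echo "gem not found in PATH; live check skipped"
fi
```

On a Gentoo host the authoritative state is the installed ebuild version rather than whatever `gem` happens to be first in PATH (a user-level Ruby can shadow the system one), so feed the portage version string into rubygems_vulnerable when the two disagree.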

Affected packages
Package                                      Affected version   Unaffected version
pkg:ebuild/dev-ruby/rubygems?distro=gentoo   < 2.6.13           >= 2.6.13
(namespace dev-ruby, name rubygems, distribution gentoo)

References
CVE-2017-0899          https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0899
CVE-2017-0900          https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0900
CVE-2017-0901          https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0901
CVE-2017-0902          https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0902
Gentoo Bugzilla #629230 https://bugs.gentoo.org/show_bug.cgi?id=629230