[GLSA-201710-18] Ruby: Multiple vulnerabilities

Severity: Normal
Affected Packages: 1
Unaffected Packages: 1
CVEs: 5

Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code.

Background
Ruby is an interpreted object-oriented programming language. The
elaborate standard library includes an HTTP server (“WEBrick”) and a
class for XML parsing (“REXML”).

Description
Multiple vulnerabilities have been discovered in Ruby. Please review the
referenced CVE identifiers for details.

Impact
A remote attacker could execute arbitrary code, cause a Denial of
Service condition, or obtain sensitive information.

Workaround
There is no known workaround at this time.

Resolution
All Ruby users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.2.8"
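The advisory gives only the upgrade command. A practitioner will also want to confirm which installed versions fall inside the affected range before and after running it. The POSIX shell script below is an added example, not part of the GLSA or of Gentoo's own tooling: it compares a dev-lang/ruby version string against the 2.2.8 boundary following Gentoo version conventions (a -rN revision sorts after its base version; an _alpha, _beta, _pre or _rc suffix sorts before it; a _pN suffix sorts after it), and when run on a Gentoo host it reads installed versions from the Portage VDB. The VDB path (/var/db/pkg), the function names and the fallback to the `ruby` interpreter on PATH are this example's assumptions.

```shell
#!/bin/sh
# Added example for GLSA-201710-18: is a dev-lang/ruby version < 2.2.8?
# Not part of the advisory or of Gentoo's tooling.

# version_is_prerelease VERSION: exit 0 if VERSION carries a suffix that
# Gentoo sorts before its numeric base (2.2.8_rc1 < 2.2.8), 1 otherwise.
version_is_prerelease() {
    case "$1" in
        *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;;
        *) return 1 ;;
    esac
}

# version_lt A B: exit 0 if A sorts strictly before B, 1 otherwise.
# Only the dot-separated numeric core is compared field by field; a
# revision (-rN) or patch (_pN) suffix is ignored because it sorts after
# the base version, and so never turns an unaffected version into an
# affected one.
version_lt() {
    ia=${1%%[-_]*}
    ib=${2%%[-_]*}
    while [ -n "$ia" ] || [ -n "$ib" ]; do
        na=${ia%%.*}
        nb=${ib%%.*}
        case "$ia" in *.*) ia=${ia#*.} ;; *) ia= ;; esac
        case "$ib" in *.*) ib=${ib#*.} ;; *) ib= ;; esac
        : "${na:=0}" "${nb:=0}"     # a missing field counts as 0 (2.2 == 2.2.0)
        if [ "$na" -lt "$nb" ]; then return 0; fi
        if [ "$na" -gt "$nb" ]; then return 1; fi
    done
    # Numeric cores are equal: a pre-release of B still sorts before B.
    if version_is_prerelease "$1" && ! version_is_prerelease "$2"; then
        return 0
    fi
    return 1
}

# ruby_affected VERSION: exit 0 if VERSION is in the advisory's affected
# range (< 2.2.8), 1 if it is unaffected (>= 2.2.8).
ruby_affected() {
    version_lt "$1" 2.2.8
}

# report_installed: print one line per installed dev-lang/ruby version.
# Reads the Portage VDB (assumed at /var/db/pkg); if nothing is recorded
# there, falls back to whatever `ruby` is on PATH. Prints nothing if
# neither exists, so it is safe to run on a non-Gentoo host.
report_installed() {
    found=0
    for d in /var/db/pkg/dev-lang/ruby-*; do
        [ -d "$d" ] || continue
        found=1
        v=${d##*/ruby-}
        if ruby_affected "$v"; then
            echo "dev-lang/ruby-$v: AFFECTED (< 2.2.8), upgrade per GLSA-201710-18"
        else
            echo "dev-lang/ruby-$v: unaffected (>= 2.2.8)"
        fi
    done
    if [ "$found" -eq 0 ] && command -v ruby >/dev/null 2>&1; then
        v=$(ruby -e 'print RUBY_VERSION')
        if ruby_affected "$v"; then
            echo "ruby on PATH ($v): AFFECTED (< 2.2.8)"
        else
            echo "ruby on PATH ($v): unaffected (>= 2.2.8)"
        fi
    fi
}

report_installed
```

Because Gentoo slots Ruby, more than one dev-lang/ruby version can be installed at once; the VDB loop reports each slot separately, which is why it is preferred over asking a single `ruby` binary for its RUBY_VERSION.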

Affected packages
Package (pkg:ebuild/dev-lang/ruby?distro=gentoo)   Affected versions   Unaffected versions
dev-lang/ruby                                       < 2.2.8             >= 2.2.8

References
CVE-2016-2337     https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2337
CVE-2017-0898     https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0898
CVE-2017-10784    https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10784
CVE-2017-14033    https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14033
CVE-2017-14064    https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14064
Gentoo Bugzilla #605536   https://bugs.gentoo.org/show_bug.cgi?id=605536
Gentoo Bugzilla #629484   https://bugs.gentoo.org/show_bug.cgi?id=629484
Gentoo Bugzilla #631034   https://bugs.gentoo.org/show_bug.cgi?id=631034