1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-3365-1

[USN-3365-1] Ruby vulnerabilities

Severity Medium
Affected Packages 18
CVEs 7
Info Packages Vulnerabilities

Several security issues were fixed in Ruby.

It was discovered that Ruby DL::dlopen incorrectly handled opening
libraries. An attacker could possibly use this issue to open libraries with
tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)

Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby
OpenSSL extension incorrectly handled hostname wildcard matching. This
issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)

Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly
handled certain crafted strings. An attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS. (CVE-2015-7551)

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A
remote attacker could possibly use this issue to inject SMTP commands.
(CVE-2015-9096)

Marcin Noga discovered that Ruby incorrectly handled certain arguments in
a TclTkIp class method. An attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2337)

It was discovered that Ruby Fiddle::Function.new incorrectly handled
certain arguments. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)

It was discovered that Ruby incorrectly handled the initialization vector
(IV) in GCM mode. An attacker could possibly use this issue to bypass
encryption. (CVE-2016-7798)

Package Affected Version
pkg:deb/ubuntu/ruby2.3?distro=xenial < 2.3.1-2~16.04.2
pkg:deb/ubuntu/ruby2.3-tcltk?distro=xenial < 2.3.1-2~16.04.2
pkg:deb/ubuntu/ruby2.3-doc?distro=xenial < 2.3.1-2~16.04.2
pkg:deb/ubuntu/ruby2.3-dev?distro=xenial < 2.3.1-2~16.04.2
pkg:deb/ubuntu/ruby2.0?distro=trusty < 2.0.0.484-1ubuntu2.4
pkg:deb/ubuntu/ruby2.0-tcltk?distro=trusty < 2.0.0.484-1ubuntu2.4
pkg:deb/ubuntu/ruby2.0-doc?distro=trusty < 2.0.0.484-1ubuntu2.4
pkg:deb/ubuntu/ruby2.0-dev?distro=trusty < 2.0.0.484-1ubuntu2.4
pkg:deb/ubuntu/ruby1.9.3?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/ruby1.9.1?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/ruby1.9.1-full?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/ruby1.9.1-examples?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/ruby1.9.1-dev?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/ri1.9.1?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/libtcltk-ruby1.9.1?distro=trusty < 1.9.3.484-2ubuntu1.3
pkg:deb/ubuntu/libruby2.3?distro=xenial < 2.3.1-2~16.04.2
pkg:deb/ubuntu/libruby2.0?distro=trusty < 2.0.0.484-1ubuntu2.4
pkg:deb/ubuntu/libruby1.9.1?distro=trusty < 1.9.3.484-2ubuntu1.3
ID
USN-3365-1
Severity
medium
URL
https://ubuntu.com/security/notices/USN-3365-1
Published
2017-07-25T17:52:34
(7 years ago)
Modified
2017-07-25T17:52:34
(7 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/ruby2.3?distro=xenial ubuntu ruby2.3 < 2.3.1-2~16.04.2 xenial
Affected pkg:deb/ubuntu/ruby2.3-tcltk?distro=xenial ubuntu ruby2.3-tcltk < 2.3.1-2~16.04.2 xenial
Affected pkg:deb/ubuntu/ruby2.3-doc?distro=xenial ubuntu ruby2.3-doc < 2.3.1-2~16.04.2 xenial
Affected pkg:deb/ubuntu/ruby2.3-dev?distro=xenial ubuntu ruby2.3-dev < 2.3.1-2~16.04.2 xenial
Affected pkg:deb/ubuntu/ruby2.0?distro=trusty ubuntu ruby2.0 < 2.0.0.484-1ubuntu2.4 trusty
Affected pkg:deb/ubuntu/ruby2.0-tcltk?distro=trusty ubuntu ruby2.0-tcltk < 2.0.0.484-1ubuntu2.4 trusty
Affected pkg:deb/ubuntu/ruby2.0-doc?distro=trusty ubuntu ruby2.0-doc < 2.0.0.484-1ubuntu2.4 trusty
Affected pkg:deb/ubuntu/ruby2.0-dev?distro=trusty ubuntu ruby2.0-dev < 2.0.0.484-1ubuntu2.4 trusty
Affected pkg:deb/ubuntu/ruby1.9.3?distro=trusty ubuntu ruby1.9.3 < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/ruby1.9.1?distro=trusty ubuntu ruby1.9.1 < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/ruby1.9.1-full?distro=trusty ubuntu ruby1.9.1-full < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/ruby1.9.1-examples?distro=trusty ubuntu ruby1.9.1-examples < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/ruby1.9.1-dev?distro=trusty ubuntu ruby1.9.1-dev < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/ri1.9.1?distro=trusty ubuntu ri1.9.1 < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/libtcltk-ruby1.9.1?distro=trusty ubuntu libtcltk-ruby1.9.1 < 1.9.3.484-2ubuntu1.3 trusty
Affected pkg:deb/ubuntu/libruby2.3?distro=xenial ubuntu libruby2.3 < 2.3.1-2~16.04.2 xenial
Affected pkg:deb/ubuntu/libruby2.0?distro=trusty ubuntu libruby2.0 < 2.0.0.484-1ubuntu2.4 trusty
Affected pkg:deb/ubuntu/libruby1.9.1?distro=trusty ubuntu libruby1.9.1 < 1.9.3.484-2ubuntu1.3 trusty
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date