[USN-5020-1] Ruby vulnerabilities

Severity Medium
Affected Packages 21
CVEs 3

Several security issues were fixed in Ruby.

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31799)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to conduct
port scans and service banner extractions. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to perform
machine-in-the-middle attacks to bypass the TLS protection.
(CVE-2021-32066)

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/ruby2.7?distro=hirsute | ubuntu | ruby2.7 | < 2.7.2-4ubuntu1.2 | hirsute | | |
| Affected | pkg:deb/ubuntu/ruby2.7?distro=groovy | ubuntu | ruby2.7 | < 2.7.1-3ubuntu1.4 | groovy | | |
| Affected | pkg:deb/ubuntu/ruby2.7?distro=focal | ubuntu | ruby2.7 | < 2.7.0-5ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=hirsute | ubuntu | ruby2.7-doc | < 2.7.2-4ubuntu1.2 | hirsute | | |
| Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=groovy | ubuntu | ruby2.7-doc | < 2.7.1-3ubuntu1.4 | groovy | | |
| Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=focal | ubuntu | ruby2.7-doc | < 2.7.0-5ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=hirsute | ubuntu | ruby2.7-dev | < 2.7.2-4ubuntu1.2 | hirsute | | |
| Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=groovy | ubuntu | ruby2.7-dev | < 2.7.1-3ubuntu1.4 | groovy | | |
| Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=focal | ubuntu | ruby2.7-dev | < 2.7.0-5ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/ruby2.5?distro=bionic | ubuntu | ruby2.5 | < 2.5.1-1ubuntu1.10 | bionic | | |
| Affected | pkg:deb/ubuntu/ruby2.5-doc?distro=bionic | ubuntu | ruby2.5-doc | < 2.5.1-1ubuntu1.10 | bionic | | |
| Affected | pkg:deb/ubuntu/ruby2.5-dev?distro=bionic | ubuntu | ruby2.5-dev | < 2.5.1-1ubuntu1.10 | bionic | | |
| Affected | pkg:deb/ubuntu/ruby2.3?distro=xenial | ubuntu | ruby2.3 | < 2.3.1-2~ubuntu16.04.16+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/ruby2.3-tcltk?distro=xenial | ubuntu | ruby2.3-tcltk | < 2.3.1-2~ubuntu16.04.16+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/ruby2.3-doc?distro=xenial | ubuntu | ruby2.3-doc | < 2.3.1-2~ubuntu16.04.16+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/ruby2.3-dev?distro=xenial | ubuntu | ruby2.3-dev | < 2.3.1-2~ubuntu16.04.16+esm1 | xenial | | |
| Affected | pkg:deb/ubuntu/libruby2.7?distro=hirsute | ubuntu | libruby2.7 | < 2.7.2-4ubuntu1.2 | hirsute | | |
| Affected | pkg:deb/ubuntu/libruby2.7?distro=groovy | ubuntu | libruby2.7 | < 2.7.1-3ubuntu1.4 | groovy | | |
| Affected | pkg:deb/ubuntu/libruby2.7?distro=focal | ubuntu | libruby2.7 | < 2.7.0-5ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/libruby2.5?distro=bionic | ubuntu | libruby2.5 | < 2.5.1-1ubuntu1.10 | bionic | | |
| Affected | pkg:deb/ubuntu/libruby2.3?distro=xenial | ubuntu | libruby2.3 | < 2.3.1-2~ubuntu16.04.16+esm1 | xenial | | |