[USN-5235-1] Ruby vulnerabilities
Severity: Medium
Affected Packages: 21
CVEs: 3
Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain HTML files.
An attacker could possibly use this issue to cause a crash. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10.
(CVE-2021-41816)
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a regular expression
denial of service. (CVE-2021-41817)
It was discovered that Ruby incorrectly handled certain cookie names.
An attacker could possibly use this issue to access or expose
sensitive information. (CVE-2021-41819)
- ID: USN-5235-1
- Severity: medium
- URL: https://ubuntu.com/security/notices/USN-5235-1
- Published: 2022-01-18T17:13:18
- Modified: 2022-01-18T17:13:18
- Other Advisories:
- ALAS2-2023-2345
- ALAS2-2024-2486
- ALPINE:CVE-2021-41816
- ALPINE:CVE-2021-41817
- ALPINE:CVE-2021-41819
- ALSA-2022:0543
- ALSA-2022:5779
- ALSA-2022:6447
- ALSA-2022:6450
- DSA-5066-1
- DSA-5067-1
- ELSA-2022-0543
- ELSA-2022-5779
- ELSA-2022-6447
- ELSA-2022-6450
- FEDORA-2022-82a9edac27
- FEDORA-2022-8cf0124add
- FREEBSD:2C6AF5C3-4D36-11EC-A539-0800270512F4
- FREEBSD:4548EC97-4D38-11EC-A539-0800270512F4
- FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4
- GLSA-202401-27
- MS:CVE-2021-41817
- MS:CVE-2021-41819
- RHSA-2022:0543
- RHSA-2022:5779
- RHSA-2022:6447
- RHSA-2022:6450
- RLSA-2022:0543
- RLSA-2022:5779
- RLSA-2022:6447
- RLSA-2022:6450
- RUBYSEC:CGI-2021-41816
- RUBYSEC:CGI-2021-41819
- RUBYSEC:DATE-2021-41817
- SUSE-SU-2022:1512-1
- SUSE-SU-2022:3292-1
- SUSE-SU-2023:4176-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/ruby2.7?distro=impish | ubuntu | ruby2.7 | < 2.7.4-1ubuntu3.1 | impish | ||
Affected | pkg:deb/ubuntu/ruby2.7?distro=hirsute | ubuntu | ruby2.7 | < 2.7.2-4ubuntu1.3 | hirsute | ||
Affected | pkg:deb/ubuntu/ruby2.7?distro=focal | ubuntu | ruby2.7 | < 2.7.0-5ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=impish | ubuntu | ruby2.7-doc | < 2.7.4-1ubuntu3.1 | impish | ||
Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=hirsute | ubuntu | ruby2.7-doc | < 2.7.2-4ubuntu1.3 | hirsute | ||
Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=focal | ubuntu | ruby2.7-doc | < 2.7.0-5ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=impish | ubuntu | ruby2.7-dev | < 2.7.4-1ubuntu3.1 | impish | ||
Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=hirsute | ubuntu | ruby2.7-dev | < 2.7.2-4ubuntu1.3 | hirsute | ||
Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=focal | ubuntu | ruby2.7-dev | < 2.7.0-5ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/ruby2.5?distro=bionic | ubuntu | ruby2.5 | < 2.5.1-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/ruby2.5-doc?distro=bionic | ubuntu | ruby2.5-doc | < 2.5.1-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/ruby2.5-dev?distro=bionic | ubuntu | ruby2.5-dev | < 2.5.1-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/ruby2.3?distro=xenial | ubuntu | ruby2.3 | < 2.3.1-2~ubuntu16.04.16+esm2 | xenial | ||
Affected | pkg:deb/ubuntu/ruby2.3-tcltk?distro=xenial | ubuntu | ruby2.3-tcltk | < 2.3.1-2~ubuntu16.04.16+esm2 | xenial | ||
Affected | pkg:deb/ubuntu/ruby2.3-doc?distro=xenial | ubuntu | ruby2.3-doc | < 2.3.1-2~ubuntu16.04.16+esm2 | xenial | ||
Affected | pkg:deb/ubuntu/ruby2.3-dev?distro=xenial | ubuntu | ruby2.3-dev | < 2.3.1-2~ubuntu16.04.16+esm2 | xenial | ||
Affected | pkg:deb/ubuntu/libruby2.7?distro=impish | ubuntu | libruby2.7 | < 2.7.4-1ubuntu3.1 | impish | ||
Affected | pkg:deb/ubuntu/libruby2.7?distro=hirsute | ubuntu | libruby2.7 | < 2.7.2-4ubuntu1.3 | hirsute | ||
Affected | pkg:deb/ubuntu/libruby2.7?distro=focal | ubuntu | libruby2.7 | < 2.7.0-5ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/libruby2.5?distro=bionic | ubuntu | libruby2.5 | < 2.5.1-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/libruby2.3?distro=xenial | ubuntu | libruby2.3 | < 2.3.1-2~ubuntu16.04.16+esm2 | xenial | ||