[USN-5462-2] Ruby vulnerability

Severity: Low
Affected Packages: 5
CVEs: 1

Ruby could be made to crash or read sensitive information when processing certain input.

USN-5462-1 fixed several vulnerabilities in Ruby. This update provides
the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.

| Package | Affected Version |
|---|---|
| pkg:deb/ubuntu/ruby2.3?distro=xenial | < 2.3.1-2~ubuntu16.04.16+esm3 |
| pkg:deb/ubuntu/ruby2.3-tcltk?distro=xenial | < 2.3.1-2~ubuntu16.04.16+esm3 |
| pkg:deb/ubuntu/ruby2.3-doc?distro=xenial | < 2.3.1-2~ubuntu16.04.16+esm3 |
| pkg:deb/ubuntu/ruby2.3-dev?distro=xenial | < 2.3.1-2~ubuntu16.04.16+esm3 |
| pkg:deb/ubuntu/libruby2.3?distro=xenial | < 2.3.1-2~ubuntu16.04.16+esm3 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/ruby2.3?distro=xenial | ubuntu | ruby2.3 | < 2.3.1-2~ubuntu16.04.16+esm3 | xenial | | |
| Affected | pkg:deb/ubuntu/ruby2.3-tcltk?distro=xenial | ubuntu | ruby2.3-tcltk | < 2.3.1-2~ubuntu16.04.16+esm3 | xenial | | |
| Affected | pkg:deb/ubuntu/ruby2.3-doc?distro=xenial | ubuntu | ruby2.3-doc | < 2.3.1-2~ubuntu16.04.16+esm3 | xenial | | |
| Affected | pkg:deb/ubuntu/ruby2.3-dev?distro=xenial | ubuntu | ruby2.3-dev | < 2.3.1-2~ubuntu16.04.16+esm3 | xenial | | |
| Affected | pkg:deb/ubuntu/libruby2.3?distro=xenial | ubuntu | libruby2.3 | < 2.3.1-2~ubuntu16.04.16+esm3 | xenial | | |