[USN-6853-1] Ruby vulnerability
Severity
Critical
Affected Packages
12
CVEs
1
Ruby could be made to crash or expose sensitive information login if it processed certain strings.
It was discovered that Ruby incorrectly handled the ungetbyte and ungetc
methods. A remote attacker could use this issue to cause Ruby to crash,
resulting in a denial of service, or possibly obtain sensitive information.
| Package | Affected Version |
|---|---|
 pkg:deb/ubuntu/ruby3.1?distro=mantic
|
< 3.1.2-7ubuntu3.3 |
|
pkg:deb/ubuntu/ruby3.1-doc?distro=mantic
|
< 3.1.2-7ubuntu3.3 |
|
pkg:deb/ubuntu/ruby3.1-dev?distro=mantic
|
< 3.1.2-7ubuntu3.3 |
|
pkg:deb/ubuntu/ruby3.0?distro=jammy
|
< 3.0.2-7ubuntu2.7 |
|
pkg:deb/ubuntu/ruby3.0-doc?distro=jammy
|
< 3.0.2-7ubuntu2.7 |
|
pkg:deb/ubuntu/ruby3.0-dev?distro=jammy
|
< 3.0.2-7ubuntu2.7 |
|
pkg:deb/ubuntu/ruby2.7?distro=focal
|
< 2.7.0-5ubuntu1.14 |
|
pkg:deb/ubuntu/ruby2.7-doc?distro=focal
|
< 2.7.0-5ubuntu1.14 |
|
pkg:deb/ubuntu/ruby2.7-dev?distro=focal
|
< 2.7.0-5ubuntu1.14 |
|
pkg:deb/ubuntu/libruby3.1?distro=mantic
|
< 3.1.2-7ubuntu3.3 |
|
pkg:deb/ubuntu/libruby3.0?distro=jammy
|
< 3.0.2-7ubuntu2.7 |
|
pkg:deb/ubuntu/libruby2.7?distro=focal
|
< 2.7.0-5ubuntu1.14 |
- ID
- USN-6853-1
- Severity
- critical
- Severity from
- CVE-2024-27280
- URL
- https://ubuntu.com/security/notices/USN-6853-1
- Published
-
2024-06-26T12:27:29
(2 months ago) - Modified
-
2024-06-26T12:27:29
(2 months ago) - Other Advisories
-
-
ALPINE:CVE-2024-27280
-
ALSA-2024:3500
-
ALSA-2024:3546
-
ALSA-2024:3668
-
ALSA-2024:3670
-
ALSA-2024:3671
-
ALSA-2024:3838
-
ALSA-2024:4499
-
DSA-5677-1
-
ELSA-2024-3500
-
ELSA-2024-3546
-
ELSA-2024-3668
-
ELSA-2024-3670
-
ELSA-2024-3671
-
ELSA-2024-3838
-
ELSA-2024-4499
-
FEDORA-2024-14db7b21a2
-
FEDORA-2024-31cac8b8ec
-
FEDORA-2024-48bdd3abbf
-
RHSA-2024:3500
-
RHSA-2024:3546
-
RHSA-2024:3668
-
RHSA-2024:3670
-
RHSA-2024:3671
-
RHSA-2024:3838
-
RHSA-2024:4499
-
RUBYSEC:STRINGIO-2024-27280
-
SSA:2024-114-01
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/ruby3.1?distro=mantic | ubuntu |
ruby3.1
|
< 3.1.2-7ubuntu3.3 | mantic | ||
| Affected | pkg:deb/ubuntu/ruby3.1-doc?distro=mantic | ubuntu |
ruby3.1-doc
|
< 3.1.2-7ubuntu3.3 | mantic | ||
| Affected | pkg:deb/ubuntu/ruby3.1-dev?distro=mantic | ubuntu |
ruby3.1-dev
|
< 3.1.2-7ubuntu3.3 | mantic | ||
| Affected | pkg:deb/ubuntu/ruby3.0?distro=jammy | ubuntu |
ruby3.0
|
< 3.0.2-7ubuntu2.7 | jammy | ||
| Affected | pkg:deb/ubuntu/ruby3.0-doc?distro=jammy | ubuntu |
ruby3.0-doc
|
< 3.0.2-7ubuntu2.7 | jammy | ||
| Affected | pkg:deb/ubuntu/ruby3.0-dev?distro=jammy | ubuntu |
ruby3.0-dev
|
< 3.0.2-7ubuntu2.7 | jammy | ||
| Affected | pkg:deb/ubuntu/ruby2.7?distro=focal | ubuntu |
ruby2.7
|
< 2.7.0-5ubuntu1.14 | focal | ||
| Affected | pkg:deb/ubuntu/ruby2.7-doc?distro=focal | ubuntu |
ruby2.7-doc
|
< 2.7.0-5ubuntu1.14 | focal | ||
| Affected | pkg:deb/ubuntu/ruby2.7-dev?distro=focal | ubuntu |
ruby2.7-dev
|
< 2.7.0-5ubuntu1.14 | focal | ||
| Affected | pkg:deb/ubuntu/libruby3.1?distro=mantic | ubuntu |
libruby3.1
|
< 3.1.2-7ubuntu3.3 | mantic | ||
| Affected | pkg:deb/ubuntu/libruby3.0?distro=jammy | ubuntu |
libruby3.0
|
< 3.0.2-7ubuntu2.7 | jammy | ||
| Affected | pkg:deb/ubuntu/libruby2.7?distro=focal | ubuntu |
libruby2.7
|
< 2.7.0-5ubuntu1.14 | focal |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |