Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2018-088-01
HistoryMar 29, 2018 - 10:43 p.m.

[slackware-security] ruby

2018-03-2922:43:54
Slackware Linux Project
www.slackware.com
54

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.008

Percentile

81.3%

JSON

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/ruby-2.2.10-i586-1_slack14.2.txz: Upgraded.
This release includes some bug fixes and some security fixes:
HTTP response splitting in WEBrick.
Unintentional file and directory creation with directory traversal in
tempfile and tmpdir.
DoS by large request in WEBrick.
Buffer under-read in String#unpack.
Unintentional socket creation by poisoned NUL byte in UNIXServer
and UNIXSocket.
Unintentional directory traversal by poisoned NUL byte in Dir.
Multiple vulnerabilities in RubyGems.
For more information, see:
https://vulners.com/cve/CVE-2017-17742
https://vulners.com/cve/CVE-2018-6914
https://vulners.com/cve/CVE-2018-8777
https://vulners.com/cve/CVE-2018-8778
https://vulners.com/cve/CVE-2018-8779
https://vulners.com/cve/CVE-2018-8780
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ruby-2.2.10-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ruby-2.2.10-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-2.5.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-2.5.1-x86_64-1.txz

MD5 signatures:

Slackware 14.2 package:
6d9fe0b738bd69415ef3baa099ff080c ruby-2.2.10-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7c78396305daa605f770ea4d41dc3ae8 ruby-2.2.10-x86_64-1_slack14.2.txz

Slackware -current package:
344aff109ec8333eb9b8528e4586c93e d/ruby-2.5.1-i586-1.txz

Slackware x86_64 -current package:
7769371ca9beb48b5a8188c91cabf32f d/ruby-2.5.1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg ruby-2.2.10-i586-1_slack14.2.txz

Related

fedora 3
debian 6
openvas 26
nessus 50
freebsd 1
osv 13
f5 1
ubuntu 3
mageia 1
redhat 10
centos 1
amazon 3
oraclelinux 1
redhatcve 7
prion 7
hackerone 6
cvelist 7
rubygems 7
suse 1
veracode 6
ubuntucve 7
debiancve 7
cve 7
alpinelinux 7
nvd 7
apple 2
archlinux 2
fedora
fedora
[SECURITY] Fedora 27 Update: ruby-2.4.4-89.fc27
2018-06-06 12:59:35
[SECURITY] Fedora 28 Update: ruby-2.5.1-92.fc28
2018-04-15 02:45:12
[SECURITY] Fedora 26 Update: ruby-2.4.4-88.fc26
2018-05-29 11:09:55
debian
debian
[SECURITY] [DLA 1359-1] ruby1.8 security update
2018-04-23 09:51:58
[SECURITY] [DLA 1358-1] ruby1.9.1 security update
2018-04-23 09:51:06
[SECURITY] [DSA 4259-1] ruby2.3 security update
2018-07-31 21:40:30
openvas
openvas
Debian: Security Advisory (DLA-1359-1)
2018-04-24 00:00:00
Fedora Update for ruby FEDORA-2018-7be77249d4
2018-05-30 00:00:00
Slackware: Security Advisory (SSA:2018-088-01)
2022-04-21 00:00:00
nessus
nessus
Slackware 14.2 / current : ruby (SSA:2018-088-01)
2018-03-30 00:00:00
FreeBSD : ruby -- multiple vulnerabilities (eb69bcf2-18ef-4aa2-bb0c-83b263364089)
2018-03-30 00:00:00
Fedora 28 : ruby (2018-dd8162c004)
2019-01-03 00:00:00
freebsd
freebsd
ruby -- multiple vulnerabilities
2018-03-28 00:00:00
osv
osv
ruby1.8 - security update
2018-04-23 00:00:00
ruby1.9.1 - security update
2018-04-23 00:00:00
ruby2.3 - security update
2018-07-31 00:00:00
f5
f5
K80173446 : Multiple Ruby vulnerabilities
2018-05-08 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2018-04-16 00:00:00
Ruby vulnerabilities
2018-06-13 00:00:00
Ruby regression
2021-03-25 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2018-10-26 21:47:14
redhat
redhat
(RHSA-2020:2288) Moderate: ruby security update
2020-05-26 08:52:58
(RHSA-2020:2212) Moderate: ruby security update
2020-05-19 13:16:01
(RHSA-2020:1963) Moderate: ruby security update
2020-04-29 09:03:52
centos
centos
ruby, rubygem, rubygems security update
2019-08-30 04:17:17
amazon
amazon
Medium: ruby20, ruby22, ruby23, ruby24
2018-04-04 23:18:00
Medium: ruby
2019-08-23 03:41:00
Important: ruby
2024-02-29 10:03:00
oraclelinux
oraclelinux
ruby security update
2019-08-13 00:00:00
redhatcve
redhatcve
CVE-2018-8780
2020-01-03 15:50:00
CVE-2017-17742
2018-03-29 09:19:31
CVE-2018-6914
2019-12-22 15:43:51
prion
prion
Directory traversal
2018-04-03 22:29:00
Directory traversal
2018-04-03 22:29:00
Design/Logic Flaw
2018-04-03 22:29:00
hackerone
hackerone
Ruby: The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters.
2018-01-04 10:03:14
Ruby: Unintentional file creation caused at Tempfile with directory traversal
2018-01-04 05:45:49
Ruby: Response splitting vulnerability in WEBrick
2016-07-25 20:33:08
cvelist
cvelist
CVE-2018-8780
2018-04-03 22:00:00
CVE-2017-17742
2018-04-03 00:00:00
CVE-2018-6914
2018-04-03 22:00:00
rubygems
rubygems
Unintentional directory traversal by poisoned NUL byte in Dir
2018-03-27 21:00:00
Unintentional file and directory creation with directory traversal in tempfile and tmpdir
2018-03-27 21:00:00
HTTP response splitting in WEBrick
2018-03-27 21:00:00
suse
suse
Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)
2019-07-21 00:00:00
veracode
veracode
Directory Traversal
2019-05-16 03:22:57
HTTP Response Splitting
2019-01-15 09:27:07
Directory Traversal
2018-04-04 00:43:42
ubuntucve
ubuntucve
CVE-2018-8780
2018-04-03 00:00:00
CVE-2017-17742
2018-04-03 00:00:00
CVE-2018-6914
2018-04-03 00:00:00
debiancve
debiancve
CVE-2018-8780
2018-04-03 22:29:00
CVE-2018-6914
2018-04-03 22:29:00
CVE-2017-17742
2018-04-03 22:29:00
cve
cve
CVE-2018-8780
2018-04-03 22:29:00
CVE-2018-6914
2018-04-03 22:29:00
CVE-2017-17742
2018-04-03 22:29:00
alpinelinux
alpinelinux
CVE-2018-8780
2018-04-03 22:29:00
CVE-2018-6914
2018-04-03 22:29:00
CVE-2017-17742
2018-04-03 22:29:00
nvd
nvd
CVE-2018-6914
2018-04-03 22:29:00
CVE-2017-17742
2018-04-03 22:29:00
CVE-2018-8780
2018-04-03 22:29:00
apple
apple
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan - Apple Support
2020-07-28 05:29:11
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
2018-07-09 00:00:00
archlinux
archlinux
[ASA-201910-2] ruby: multiple issues
2019-10-02 00:00:00
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.008

Percentile

81.3%

JSON
Related for SSA-2018-088-01
fedora3debian6openvas26nessus50freebsd1osv13f51ubuntu3mageia1redhat10centos1amazon3oraclelinux1redhatcve7prion7hackerone6cvelist7rubygems7suse1veracode6ubuntucve7debiancve7cve7alpinelinux7nvd7apple2archlinux2