MGASA-2019-0408
- Source
- https://advisories.mageia.org/MGASA-2019-0408.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0408.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2019-0408
- Related
- Published
- 2019-12-25T19:08:41Z
- Modified
- 2019-12-25T18:51:53Z
- Summary
- Updated ruby packages fix security vulnerabilities
- Details
-
Updated ruby packages fix security vulnerabilities:
It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access (CVE-2019-15845).
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service (CVE-2019-16201).
It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-16254).
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-16255).
- References
-
- https://advisories.mageia.org/MGASA-2019-0408.html
- https://bugs.mageia.org/show_bug.cgi?id=25564
- https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/
- https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
- https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
- https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
- https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
- https://usn.ubuntu.com/4201-1/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / ruby
Package
- Name
- ruby
- Purl
- pkg:rpm/mageia/ruby?distro=mageia-7