Updated ruby packages fix security vulnerabilities
Publication date: 20 Aug 2017Modification date: 20 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2015-9096 , CVE-2016-2337 , CVE-2016-2339
Description
It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096) Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337) It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)
References
SRPMS
6/core
- ruby-2.2.7-1.mga6
5/core
- ruby-2.0.0.p648-1.4.mga5