Advisories ยป MGASA-2017-0482

Updated ruby-RubyGems packages fix security vulnerabilities

Publication date: 31 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-0899 , CVE-2017-0900 , CVE-2017-0901 , CVE-2017-0902 , CVE-2017-0903


An ANSI escape sequence vulnerability (CVE-2017-0899).

A DoS vulnerability in the query command (CVE-2017-0900).

A vulnerability in the gem installer that allowed a malicious gem to
overwrite arbitrary files (CVE-2017-0901).

A DNS request hijacking vulnerability (CVE-2017-0902).

An unsafe object deserialization vulnerability that allows an attacker
to inject an instance of an object of their choosing in the target
system. A clever attacker can inject an object that is able to interact
with the system in such a way that will allow the attacker to execute
arbitrary code (CVE-2017-0903).