Mageia Advisory: MGASA-2019-0062 - Updated jruby packages fix security vulnerability

Updated jruby packages fix security vulnerability

Publication date: 13 Feb 2019
Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000073 , CVE-2018-1000074 , CVE-2018-1000075 , CVE-2018-1000076 , CVE-2018-1000077 , CVE-2018-1000078 , CVE-2018-1000079

Description

Several vulnerabilities were discovered in jruby. They would allow an
attacker to use specially crafted gem files to mount cross-site scripting
attacks, cause denial of service through an infinite loop, write arbitrary
files, or run malicious code (CVE-2018-1000073, CVE-2018-1000074,
CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078,
CVE-2018-1000079).

References

https://bugs.mageia.org/show_bug.cgi?id=23158
https://www.debian.org/security/2018/dsa-4219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079

SRPMS

6/core

jruby-1.7.22-5.1.mga6

Advisories » MGASA-2019-0062

Updated jruby packages fix security vulnerability

Description

References

SRPMS

6/core