Advisories ยป MGASA-2017-0290

Updated ruby packages fix security vulnerabilities

Publication date: 20 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2015-9096 , CVE-2016-2337 , CVE-2016-2339

Description

It was discovered that Ruby Net::SMTP incorrectly handled CRLF
sequences. A remote attacker could possibly use this issue to inject
SMTP commands. (CVE-2015-9096)

Marcin Noga discovered that Ruby incorrectly handled certain arguments
in a TclTkIp class method. An attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2337)

It was discovered that Ruby Fiddle::Function.new incorrectly handled
certain arguments. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2339)
                

References

SRPMS

6/core

5/core