Updated jruby packages fix security vulnerability
Publication date: 13 Feb 2019Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000073 , CVE-2018-1000074 , CVE-2018-1000075 , CVE-2018-1000076 , CVE-2018-1000077 , CVE-2018-1000078 , CVE-2018-1000079
Description
Several vulnerabilities were discovered in jruby. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code (CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079).
References
- https://bugs.mageia.org/show_bug.cgi?id=23158
- https://www.debian.org/security/2018/dsa-4219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079
SRPMS
6/core
- jruby-1.7.22-5.1.mga6