Advisories ยป MGASA-2019-0408

Updated ruby packages fix security vulnerabilities

Publication date: 25 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15845 , CVE-2019-16201 , CVE-2019-16254 , CVE-2019-16255

Description

Updated ruby packages fix security vulnerabilities:

It was discovered that Ruby incorrectly handled certain files. An attacker
could possibly use this issue to pass path matching what can lead to an
unauthorized access (CVE-2019-15845).

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could use this issue to cause a denial of service
(CVE-2019-16201).

It was discovered that Ruby incorrectly handled certain HTTP headers. An
attacker could possibly use this issue to execute arbitrary code
(CVE-2019-16254).

It was discovered that Ruby incorrectly handled certain inputs. An attacker
could possibly use this issue to execute arbitrary code (CVE-2019-16255).
                

References

SRPMS

7/core