1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5066-1] ruby2.5 security update

    From Moritz Muehlenhoff@21:1/5 to All on Thu Feb 3 20:30:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5066-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby2.5
    CVE ID : CVE-2021-28965 CVE-2021-31799 CVE-2021-31810
    CVE-2021-41817 CVE-2021-41819 CVE-2021-32066

    Several vulnerabilities have been discovered in the interpreter for the
    Ruby language and the Rubygems included, which may result on result in
    XML roundtrip attacks, the execution of arbitrary code, information
    disclosure, StartTLS stripping in IMAP or denial of service.

    For the oldstable distribution (buster), these problems have been fixed
    in version 2.5.5-3+deb10u4.

    We recommend that you upgrade your ruby2.5 packages.

    For the detailed security status of ruby2.5 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.5

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH8KnkACgkQEMKTtsN8 TjbjRQ//fxv67xTROanUJfCRvAX1xWjQufJCKgs+hto3kvSdm/ONMVQNXqk4PxeH Rm3lYbjz9b4Phc2jLUcO56AHX8eAY+ukiSg5Vy/gNxzGo8jgciIqSs2UpJO8CYW3 EIqKGf2uM7CgTh8ufjqtC1udxoD2TYyw1EkFwFHYYVmIlKNXW8ZBU6AdBCvz6hn5 MyiBjtf8DHXTP43SjEmDA9tRC4cQiKXkrcDdcGqyuesUUgX3y/u5Le1y2KdMhsnW jv9X75YFcHHIrgT3zHKv5hPeLk0EpkD/llEiWyQzXe3YgAd7u6pe37m7HR51YlNR +36gV0g0zHoOA5ODsPqDEBwDQl97Y/6R7rGCYgZ13b0zBNURUWSRIhrvEpgJoVoC lEnGcq9B67oldYVi8cpfQ07rBjbRLPNmiVFZytG/V1/kXrM6HTYLha5/hj8s4NXA N3P4eBmZAANzQRoKDB94ItghbzdfZb2OlH+3LICJikVsAwWjA0vxgCO9MHrX6Amn n8+9Hgly+n2RZuCKu1gaOeORrESNNUj9CzUEXTUpoOStSbEdGSkjW2gMkTf1QhlL 1X4J6tCm7Gl9dmwSinIFRlCcnLcJb6fTUSwvPMWAuy2rVSvfbGlWuq0xT5txMP8x b8p3aXahA1elN1Y253UzBvcnaJS0EigTgJZz2loUoV4GyEWD624=
    =GDTs
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)