
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0411
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0411)
Summary: The remote host is missing an update for the 'ruby' package(s) announced via the MGASA-2018-0411 advisory.
Description: Summary:
The remote host is missing an update for the 'ruby' package(s) announced via the MGASA-2018-0411 advisory.

Vulnerability Insight:
Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker
can inject a crafted key and value into an HTTP response for the HTTP
server of WEBrick (CVE-2017-17742).

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir
library in Ruby before 2.2.10 might allow attackers to create arbitrary
directories or files via a .. (dot dot) in the prefix argument
(CVE-2018-6914).

In Ruby before 2.2.10, an attacker can pass a large HTTP request with a
crafted header to WEBrick server or a crafted body to WEBrick
server/handler and cause a denial of service (memory consumption)
(CVE-2018-8777).

In Ruby before 2.2.10, an attacker controlling the unpacking format
(similar to format string vulnerabilities) can trigger a buffer under-read
in the String#unpack method, resulting in a massive and controlled
information disclosure (CVE-2018-8778).

In Ruby before 2.2.10, the UNIXServer.open and UNIXSocket.open methods do
not check their path argument for null characters, so a connection may be
made to an unintended socket (CVE-2018-8779).

In Ruby before 2.2.10, the Dir.open, Dir.new, Dir.entries and Dir.empty?
methods do not check NULL characters. When using the corresponding method,
unintentional directory traversal may be performed (CVE-2018-8780).

Due to a bug in the equality check of OpenSSL::X509::Name, if a malicious
X.509 certificate is compared with an existing certificate, the two names
may be incorrectly judged equal (CVE-2018-16395).

In Array#pack and String#unpack with some formats, the tainted flags of
the original data are not propagated to the returned string/array
(CVE-2018-16396).

Affected Software/OS:
'ruby' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references: Common Vulnerability Exposure (CVE) ID: CVE-2017-17742
BugTraq ID: 103684
http://www.securityfocus.com/bid/103684
Debian Security Information: DSA-4259
https://www.debian.org/security/2018/dsa-4259
https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html
https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
RedHat Security Advisories: RHSA-2018:3729
https://access.redhat.com/errata/RHSA-2018:3729
RedHat Security Advisories: RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3730
RedHat Security Advisories: RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2018:3731
RedHat Security Advisories: RHSA-2019:2028
https://access.redhat.com/errata/RHSA-2019:2028
http://www.securitytracker.com/id/1042004
SuSE Security Announcement: openSUSE-SU-2019:1771
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://usn.ubuntu.com/3685-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16395
Debian Security Information: DSA-4332
https://www.debian.org/security/2018/dsa-4332
https://hackerone.com/reports/387250
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
RedHat Security Advisories: RHSA-2018:3738
https://access.redhat.com/errata/RHSA-2018:3738
RedHat Security Advisories: RHSA-2019:1948
https://access.redhat.com/errata/RHSA-2019:1948
RedHat Security Advisories: RHSA-2019:2565
https://access.redhat.com/errata/RHSA-2019:2565
http://www.securitytracker.com/id/1042105
https://usn.ubuntu.com/3808-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16396
https://hackerone.com/reports/385070
http://www.securitytracker.com/id/1042106
Common Vulnerability Exposure (CVE) ID: CVE-2018-6914
BugTraq ID: 103686
http://www.securityfocus.com/bid/103686
https://usn.ubuntu.com/3626-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8777
BugTraq ID: 103683
http://www.securityfocus.com/bid/103683
RedHat Security Advisories: RHSA-2020:0542
https://access.redhat.com/errata/RHSA-2020:0542
RedHat Security Advisories: RHSA-2020:0591
https://access.redhat.com/errata/RHSA-2020:0591
RedHat Security Advisories: RHSA-2020:0663
https://access.redhat.com/errata/RHSA-2020:0663
Common Vulnerability Exposure (CVE) ID: CVE-2018-8778
BugTraq ID: 103693
http://www.securityfocus.com/bid/103693
Common Vulnerability Exposure (CVE) ID: CVE-2018-8779
BugTraq ID: 103767
http://www.securityfocus.com/bid/103767
Common Vulnerability Exposure (CVE) ID: CVE-2018-8780
BugTraq ID: 103739
http://www.securityfocus.com/bid/103739
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.