Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0440)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0440
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0440)
Summary:	The remote host is missing an update for the 'jruby' package(s) announced via the MGASA-2020-0440 advisory.
Description:	Summary: The remote host is missing an update for the 'jruby' package(s) announced via the MGASA-2020-0440 advisory. Vulnerability Insight: Response Splitting attack in the HTTP server of WEBrick (CVE-2017-17742). Delete directory using symlink when decompressing tar (CVE-2019-8320). Escape sequence injection vulnerability in verbose (CVE-2019-8321). Escape sequence injection vulnerability in gem owner (CVE-2019-8322). Escape sequence injection vulnerability in API response handling (CVE-2019-8323). Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324). Escape sequence injection vulnerability in errors (CVE-2019-8325). Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication (CVE-2019-16201). HTTP Response Splitting attack in the HTTP server of WEBrick (CVE-2019-16254). Code injection vulnerability (CVE-2019-16255). A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with jruby) was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to 'smuggle' a request (CVE-2020-25613). Affected Software/OS: 'jruby' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 8.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-17742 BugTraq ID: 103684 http://www.securityfocus.com/bid/103684 Debian Security Information: DSA-4259 (Google Search) https://www.debian.org/security/2018/dsa-4259 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html RedHat Security Advisories: RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3729 RedHat Security Advisories: RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3730 RedHat Security Advisories: RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3731 RedHat Security Advisories: RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2019:2028 http://www.securitytracker.com/id/1042004 SuSE Security Announcement: openSUSE-SU-2019:1771 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://usn.ubuntu.com/3685-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-16201 Bugtraq: 20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update (Google Search) https://seclists.org/bugtraq/2019/Dec/32 Bugtraq: 20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update (Google Search) https://seclists.org/bugtraq/2019/Dec/31 Debian Security Information: DSA-4587 (Google Search) https://www.debian.org/security/2019/dsa-4587 https://security.gentoo.org/glsa/202003-06 https://hackerone.com/reports/661722 https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html https://www.oracle.com/security-alerts/cpujan2020.html SuSE Security Announcement: openSUSE-SU-2020:0395 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html Common Vulnerability Exposure (CVE) ID: CVE-2019-16254 Debian Security Information: DSA-4586 (Google Search) https://www.debian.org/security/2019/dsa-4586 https://hackerone.com/reports/331984 Common Vulnerability Exposure (CVE) ID: CVE-2019-16255 https://hackerone.com/reports/327512 Common Vulnerability Exposure (CVE) ID: CVE-2019-8320 https://hackerone.com/reports/317321 RedHat Security Advisories: RHSA-2019:1429 https://access.redhat.com/errata/RHSA-2019:1429 Common Vulnerability Exposure (CVE) ID: CVE-2019-8321 https://hackerone.com/reports/317330 Common Vulnerability Exposure (CVE) ID: CVE-2019-8322 https://hackerone.com/reports/315087 Common Vulnerability Exposure (CVE) ID: CVE-2019-8323 https://hackerone.com/reports/315081 Common Vulnerability Exposure (CVE) ID: CVE-2019-8324 https://hackerone.com/reports/328571 RedHat Security Advisories: RHSA-2019:1972 https://access.redhat.com/errata/RHSA-2019:1972 Common Vulnerability Exposure (CVE) ID: CVE-2019-8325 https://hackerone.com/reports/317353 Common Vulnerability Exposure (CVE) ID: CVE-2020-25613 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/ https://security.gentoo.org/glsa/202401-27 https://hackerone.com/reports/965267
Copyright	Copyright (C) 2022 Greenbone AG