Test ID:	1.3.6.1.4.1.25623.1.0.843684
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3528-1)
Summary:	The remote host is missing an update for the 'ruby1.9.1, ruby2.3' package(s) announced via the USN-3528-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ruby1.9.1, ruby2.3' package(s) announced via the USN-3528-1 advisory. Vulnerability Insight: It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033) It was discovered that Ruby incorrectly handled some generating JSON. An attacker could use this to possible expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-17790) Affected Software/OS: 'ruby1.9.1, ruby2.3' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10784 BugTraq ID: 100853 http://www.securityfocus.com/bid/100853 Debian Security Information: DSA-4031 (Google Search) https://www.debian.org/security/2017/dsa-4031 https://security.gentoo.org/glsa/201710-18 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html RedHat Security Advisories: RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2017:3485 RedHat Security Advisories: RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378 RedHat Security Advisories: RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583 RedHat Security Advisories: RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://usn.ubuntu.com/3528-1/ https://usn.ubuntu.com/3685-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-14033 BugTraq ID: 100868 http://www.securityfocus.com/bid/100868 Common Vulnerability Exposure (CVE) ID: CVE-2017-14064 BugTraq ID: 100890 http://www.securityfocus.com/bid/100890 Debian Security Information: DSA-3966 (Google Search) https://www.debian.org/security/2017/dsa-3966 https://bugs.ruby-lang.org/issues/13853 https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 https://hackerone.com/reports/209949 Common Vulnerability Exposure (CVE) ID: CVE-2017-17790 Debian Security Information: DSA-4259 (Google Search) https://www.debian.org/security/2018/dsa-4259 https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html RedHat Security Advisories: RHSA-2018:0584 https://access.redhat.com/errata/RHSA-2018:0584
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.