Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892330
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for jruby (DLA-2330-1)
Summary:The remote host is missing an update for the 'jruby'; package(s) announced via the DLA-2330-1 advisory.
Description:Summary:
The remote host is missing an update for the 'jruby'
package(s) announced via the DLA-2330-1 advisory.

Vulnerability Insight:
Several vulnerabilities were fixed in JRuby,
a 100% pure-Java implementation of Ruby.

CVE-2017-17742
CVE-2019-16254

HTTP Response Splitting attacks in the HTTP server of WEBrick.

CVE-2019-16201

Regular Expression Denial of Service vulnerability of WEBrick's
Digest access authentication.

CVE-2019-8320

Delete directory using symlink when decompressing tar.

CVE-2019-8321

Escape sequence injection vulnerability in verbose.

CVE-2019-8322

Escape sequence injection vulnerability in gem owner.

CVE-2019-8323

Escape sequence injection vulnerability in API response handling.

CVE-2019-8324

Installing a malicious gem may lead to arbitrary code execution.

CVE-2019-8325

Escape sequence injection vulnerability in errors.

CVE-2019-16255

Code injection vulnerability of Shell#[] and Shell#test.

Affected Software/OS:
'jruby' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
1.7.26-1+deb9u2.

We recommend that you upgrade your jruby packages.

CVSS Score:
8.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-8320
https://hackerone.com/reports/317321
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
RedHat Security Advisories: RHSA-2019:1429
https://access.redhat.com/errata/RHSA-2019:1429
SuSE Security Announcement: openSUSE-SU-2019:1771 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-8321
https://hackerone.com/reports/317330
Common Vulnerability Exposure (CVE) ID: CVE-2019-8322
https://hackerone.com/reports/315087
Common Vulnerability Exposure (CVE) ID: CVE-2019-8323
https://hackerone.com/reports/315081
Common Vulnerability Exposure (CVE) ID: CVE-2019-8324
https://hackerone.com/reports/328571
RedHat Security Advisories: RHSA-2019:1972
https://access.redhat.com/errata/RHSA-2019:1972
Common Vulnerability Exposure (CVE) ID: CVE-2019-8325
https://hackerone.com/reports/317353
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.