|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for jruby (DLA-2330-1)|
|Summary:||The remote host is missing an update for the 'jruby' package(s) announced via the DLA-2330-1 advisory.|
Several vulnerabilities were fixed in JRuby,
a 100% pure-Java implementation of Ruby.
HTTP Response Splitting attacks in the HTTP server of WEBrick.
Regular Expression Denial of Service vulnerability of WEBrick's
Digest access authentication.
Delete directory using symlink when decompressing tar.
Escape sequence injection vulnerability in verbose.
Escape sequence injection vulnerability in gem owner.
Escape sequence injection vulnerability in API response handling.
Installing a malicious gem may lead to arbitrary code execution.
Escape sequence injection vulnerability in errors.
Code injection vulnerability of Shell# and Shell#test.
'jruby' package(s) on Debian Linux.
For Debian 9 stretch, these problems have been fixed in version
We recommend that you upgrade your jruby packages.
Common Vulnerability Exposure (CVE) ID: CVE-2019-8320
RedHat Security Advisories: RHSA-2019:1429
SuSE Security Announcement: openSUSE-SU-2019:1771
Common Vulnerability Exposure (CVE) ID: CVE-2019-8321
Common Vulnerability Exposure (CVE) ID: CVE-2019-8322
Common Vulnerability Exposure (CVE) ID: CVE-2019-8323
Common Vulnerability Exposure (CVE) ID: CVE-2019-8324
RedHat Security Advisories: RHSA-2019:1972
Common Vulnerability Exposure (CVE) ID: CVE-2019-8325
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|