[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5066-1] ruby2.5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5066-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 03, 2022                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby2.5
CVE ID         : CVE-2021-28965 CVE-2021-31799 CVE-2021-31810  
                 CVE-2021-41817 CVE-2021-41819 CVE-2021-32066

Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result on result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.

For the oldstable distribution (buster), these problems have been fixed
in version 2.5.5-3+deb10u4.

We recommend that you upgrade your ruby2.5 packages.

For the detailed security status of ruby2.5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH8KnkACgkQEMKTtsN8
TjbjRQ//fxv67xTROanUJfCRvAX1xWjQufJCKgs+hto3kvSdm/ONMVQNXqk4PxeH
Rm3lYbjz9b4Phc2jLUcO56AHX8eAY+ukiSg5Vy/gNxzGo8jgciIqSs2UpJO8CYW3
EIqKGf2uM7CgTh8ufjqtC1udxoD2TYyw1EkFwFHYYVmIlKNXW8ZBU6AdBCvz6hn5
MyiBjtf8DHXTP43SjEmDA9tRC4cQiKXkrcDdcGqyuesUUgX3y/u5Le1y2KdMhsnW
jv9X75YFcHHIrgT3zHKv5hPeLk0EpkD/llEiWyQzXe3YgAd7u6pe37m7HR51YlNR
+36gV0g0zHoOA5ODsPqDEBwDQl97Y/6R7rGCYgZ13b0zBNURUWSRIhrvEpgJoVoC
lEnGcq9B67oldYVi8cpfQ07rBjbRLPNmiVFZytG/V1/kXrM6HTYLha5/hj8s4NXA
N3P4eBmZAANzQRoKDB94ItghbzdfZb2OlH+3LICJikVsAwWjA0vxgCO9MHrX6Amn
n8+9Hgly+n2RZuCKu1gaOeORrESNNUj9CzUEXTUpoOStSbEdGSkjW2gMkTf1QhlL
1X4J6tCm7Gl9dmwSinIFRlCcnLcJb6fTUSwvPMWAuy2rVSvfbGlWuq0xT5txMP8x
b8p3aXahA1elN1Y253UzBvcnaJS0EigTgJZz2loUoV4GyEWD624=
=GDTs
-----END PGP SIGNATURE-----


Reply to: