FS#58065 - [ruby] 2.5.0 has multiple security issues, fixes in new Ruby version (2.5.1)
Attached to Project:
Arch Linux
Opened by killerwolf (killerwolf) - Sunday, 01 April 2018, 13:23 GMT
Last edited by Doug Newgard (Scimmia) - Monday, 02 April 2018, 00:37 GMT
Details
Description:
On the 28.3.2018 ruby 2.5.1 was released [1]. This version fixes some security issues:

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

[1] https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/

Note that the version containing the fixes is already in testing.

Steps to reproduce:

$ pacman -Syu ruby
$ ruby --version
ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]
Closed by Doug Newgard (Scimmia)
Monday, 02 April 2018, 00:37 GMT
Reason for closing: Fixed
Additional comments about closing: ruby 2.5.1-1 has been in the repos for 4 days