Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5066-1] ruby2.5 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5066-1] ruby2.5 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5066-1] ruby2.5 security update
  • Date: Thu, 3 Feb 2022 19:26:40 +0000
  • List-archive: https://lists.debian.org/msgid-search/20220203192640.GA32234 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=y6O0X+MYC+JIJn0oDONliMboBLeGXwin/zTOj1c9Rgg=; b=Wj QMhEvlNA6bqzymBo3B8oUk6yEiWmLvf7w5/GGL0M+85xma+Ks5OKIsj9p+rzBOHGZmpEwkt7pNvzn Q4Xm2+zomb8mams2bISffBbXE5agZu/GxUyVDsmiXMU0rjvVrJ2943OPMx6DSsD2vNX5e7sPSQ2ew b3FHjziSfsu+DsMjiVdryjiCiYgfP4J2FPCnStN374ZMALyKIx33eBB/Nn+eN+68nCcPyUbdL+rCk RUagMbOrglvIZB8GBNxTFm0uJXMuQHrlZNNcCM3aUWCnKgvGKAyhIZijgHUZuLZxdgtgsB28nEdye PgOg7mi7FnFMgrJcxIIBjbkJmxqMAlJQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 3 Feb 2022 19:26:59 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <rdJsN8vdOuL.A.ba.DyC_hB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5066-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 03, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.5
CVE ID : CVE-2021-28965 CVE-2021-31799 CVE-2021-31810
CVE-2021-41817 CVE-2021-41819 CVE-2021-32066

Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result on result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.

For the oldstable distribution (buster), these problems have been fixed
in version 2.5.5-3+deb10u4.

We recommend that you upgrade your ruby2.5 packages.

For the detailed security status of ruby2.5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby2.5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH8KnkACgkQEMKTtsN8
TjbjRQ//fxv67xTROanUJfCRvAX1xWjQufJCKgs+hto3kvSdm/ONMVQNXqk4PxeH
Rm3lYbjz9b4Phc2jLUcO56AHX8eAY+ukiSg5Vy/gNxzGo8jgciIqSs2UpJO8CYW3
EIqKGf2uM7CgTh8ufjqtC1udxoD2TYyw1EkFwFHYYVmIlKNXW8ZBU6AdBCvz6hn5
MyiBjtf8DHXTP43SjEmDA9tRC4cQiKXkrcDdcGqyuesUUgX3y/u5Le1y2KdMhsnW
jv9X75YFcHHIrgT3zHKv5hPeLk0EpkD/llEiWyQzXe3YgAd7u6pe37m7HR51YlNR
+36gV0g0zHoOA5ODsPqDEBwDQl97Y/6R7rGCYgZ13b0zBNURUWSRIhrvEpgJoVoC
lEnGcq9B67oldYVi8cpfQ07rBjbRLPNmiVFZytG/V1/kXrM6HTYLha5/hj8s4NXA
N3P4eBmZAANzQRoKDB94ItghbzdfZb2OlH+3LICJikVsAwWjA0vxgCO9MHrX6Amn
n8+9Hgly+n2RZuCKu1gaOeORrESNNUj9CzUEXTUpoOStSbEdGSkjW2gMkTf1QhlL
1X4J6tCm7Gl9dmwSinIFRlCcnLcJb6fTUSwvPMWAuy2rVSvfbGlWuq0xT5txMP8x
b8p3aXahA1elN1Y253UzBvcnaJS0EigTgJZz2loUoV4GyEWD624=
=GDTs
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5066-1] ruby2.5 security update, Moritz Muehlenhoff, 03.02.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang