Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5677-1] ruby3.1 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5677-1] ruby3.1 security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5677-1] ruby3.1 security update
  • Date: Fri, 3 May 2024 19:47:02 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZjU/NoKokK8qXjbn AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=eLVz5830LwHzZprjgejvPj2w8iJAoZJ7jBsQqXTk6+A=; b=L0 7umXHj5xRG6vUG+rAZoK92Co1dXNWMi21dHPL7vriU/Ew5DLjVusF+GSv8R7I/z2QWsWiaUnnRKLw r/M75a0aw9vfBVlQdAp2lpppZ7HmsXCGFBUCTqEQ3Gu0+nw4ovNF5xR0Nz/OqMJB0JObw9sm9zmae lua8+CIXhA7SJwhIx2EYgPklTJ5YEYIHGwZj4+2P8PMS7T2exEXi6JoXWlayF1wFG5LSnuLieGlKI mtjcLsZBCI7lp7WjYrBrDmMXpk/9ysk83vxhH0JyGulU3w/6r+UNWK3P9D0EV0Wu2yvmmA3grZEnX Kqg5RojMxUxcmbWG4mm3EDMw6A82PJYQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 3 May 2024 19:47:30 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <nnKd-DqxfY.A.d0G.S9TNmB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5677-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby3.1
CVE ID : CVE-2024-27280 CVE-2024-27281 CVE-2024-27282

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may result in information disclosure, denial
of service or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 3.1.2-7+deb12u1.

We recommend that you upgrade your ruby3.1 packages.

For the detailed security status of ruby3.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby3.1

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmY1PxYACgkQEMKTtsN8
TjZftBAAoJ8Fvgz0vhJl8HNpozdLc7nyThu/dZ8QCcSLgCt1xJQYModeC+1PnQds
wTnEXDjWKTVB4N+xot663SmdnKptCgqqI9zb7ZLZQodo9euZAOyT/cXmaa7+/QPg
kULr3rGco8xh2yirKLhoEwpOvVQ7dKePc66Pnj1ni9mnMRCYPRjfXrBsPHkt+KiH
2MAHdeP5Na5rWzlXvKS7W5hRU8siovSnqg5Apc8Zx1MKuOI2ni7dm0i9s9DeWsNT
J54Y5Q+6QxqpajzmowL3dQNHJHebyzRbBWhqOhmQojVkyIY2s0WOOHXRD6gS+wwE
MJGVnluBTAuUHn8JMXHX5A2I5d8vhDkUq1QZZxSjNbNqU/FXKuyfAGKQNvtedesu
10nfq5StWPoV24aKBp+bMuopO6jVExXNvAmPHTpXC59a2N3WBmUuXOas4tJHBTfJ
6XgP6JX8hom24/LUjrS1xOlfCt5BEKoU6FICVv3Vx3Uc8yeBD2/bSxaY/qbotnN7
EgdZ6MhzAga2OxMzSqJJ7iUZLBg3C2A1AdoQRYfp8i9NFu8vvd3Ra3pjn38ELJUa
xQAvpFw6xhuYsY4HyIcHqQ3SnrFRH3DrEHjncD2L9iRZktpKpRJJ5os/Fs1Wd4gJ
wfGic7yfmKOyDQYRPrZgWyyezwHsWy1YeffVXATlBJHvvuXiuFY=
=+u3s
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5677-1] ruby3.1 security update, Moritz Muehlenhoff, 03.05.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang