Package ruby

Source package: ruby
Version: 2.4.4-alt0.M80C.1
Build time:  May 24, 2018, 02:00 AM
 in the task #203550
Copied in the task: #206889
Category: Development/Ruby
Report package bug
License:  BSD (revised) or Ruby
Summary:  An Interpreted Object-Oriented Scripting Language
Ruby is an interpreted scripting language for quick and easy object-oriented
programming. It has many features for processing text files and performing system
management tasks (as in Perl). It is simple, straight-forward, and extensible.

This package contains interpreter of object-oriented scripting language Ruby.
List of rpms provided by this srpm: 
irb (noarch)
libruby (x86_64, i586)
libruby-debuginfo (x86_64, i586)
libruby-devel (x86_64, i586)
libruby-devel-static (x86_64, i586)
ri (noarch)
ruby (x86_64, i586)
ruby-debuginfo (x86_64, i586)
ruby-doc-ri (noarch)
ruby-stdlibs (x86_64, i586)
ruby-stdlibs-debuginfo (x86_64, i586)
ruby-tools (noarch)
Last changes:
April 5, 2018 Andrey Cherepanov 2.4.4-alt0.M80C.1
- New version.
- Fixes:
  + CVE-2017-17742: HTTP response splitting in WEBrick
  + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  + CVE-2018-8777: DoS by large request in WEBrick
  + CVE-2018-8778: Buffer under-read in String#unpack
  + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
  + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
Jan. 17, 2018 Andrey Cherepanov 2.4.3-alt0.M80C.1
- New version
- Fixes:
  + CVE-2017-17405: Command injection vulnerability in Net::FTP
Oct. 12, 2017 Andrey Cherepanov 2.4.2-alt1.M80C.1
- Backport new version with security fixes to c8 branch
- Merge rubygems-2.6.14 changes
- Fixes:
  + CVE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems
  + CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf
  + CVE-2017-10784 Escape sequence injection vulnerability in the Basic authentication of WEBrick
  + CVE-2017-14033 Buffer underrun vulnerability in OpenSSL ASN1 decode
  + CVE-2017-14064 Heap exposure in generating JSON
  + CVE-2017-0902 A DNS request hijacking vulnerability
  + CVE-2017-0899 An ANSI escape sequence vulnerability
  + CVE-2017-0900 A DoS vulnerability in the query command
  + CVE-2017-0901 A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files

Back to Top