ID de Prueba:	1.3.6.1.4.1.25623.1.0.703966
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 3966-1 (ruby2.3 - security update)
Resumen:	Multiple vulnerabilities were discovered in the interpreter for the Ruby;language:;;CVE-2015-9096;SMTP command injection in Net::SMTP.;;CVE-2016-7798;Incorrect handling of initialization vector in the GCM mode in the;OpenSSL extension.;;CVE-2017-0900;Denial of service in the RubyGems client.;;CVE-2017-0901;Potential file overwrite in the RubyGems client.;;CVE-2017-0902;DNS hijacking in the RubyGems client.;;CVE-2017-14064;Heap memory disclosure in the JSON library.
Descripción:	Summary: Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2015-9096 SMTP command injection in Net::SMTP. CVE-2016-7798 Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension. CVE-2017-0900 Denial of service in the RubyGems client. CVE-2017-0901 Potential file overwrite in the RubyGems client. CVE-2017-0902 DNS hijacking in the RubyGems client. CVE-2017-14064 Heap memory disclosure in the JSON library. Affected Software/OS: ruby2.3 on Debian Linux Solution: For the stable distribution (stretch), these problems have been fixed in version 2.3.3-1+deb9u1. This update also hardens RubyGems against malicious terminal escape sequences (CVE-2017-0899 ). We recommend that you upgrade your ruby2.3 packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-9096 Debian Security Information: DSA-3966 (Google Search) https://www.debian.org/security/2017/dsa-3966 http://www.mbsd.jp/Whitepaper/smtpi.pdf https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee https://github.com/rubysec/ruby-advisory-db/issues/215 https://hackerone.com/reports/137631 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2016-7798 BugTraq ID: 93031 http://www.securityfocus.com/bid/93031 http://www.openwall.com/lists/oss-security/2016/09/19/9 http://www.openwall.com/lists/oss-security/2016/09/30/6 http://www.openwall.com/lists/oss-security/2016/10/01/2 Common Vulnerability Exposure (CVE) ID: CVE-2017-0899 BugTraq ID: 100576 http://www.securityfocus.com/bid/100576 https://security.gentoo.org/glsa/201710-01 http://blog.rubygems.org/2017/08/27/2.6.13-released.html https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1 https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491 https://hackerone.com/reports/226335 RedHat Security Advisories: RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2017:3485 RedHat Security Advisories: RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378 RedHat Security Advisories: RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583 RedHat Security Advisories: RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585 http://www.securitytracker.com/id/1039249 Common Vulnerability Exposure (CVE) ID: CVE-2017-0900 BugTraq ID: 100579 http://www.securityfocus.com/bid/100579 https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 https://hackerone.com/reports/243003 Common Vulnerability Exposure (CVE) ID: CVE-2017-0901 BugTraq ID: 100580 http://www.securityfocus.com/bid/100580 https://www.exploit-db.com/exploits/42611/ https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2 https://hackerone.com/reports/243156 https://usn.ubuntu.com/3553-1/ https://usn.ubuntu.com/3685-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-0902 BugTraq ID: 100586 http://www.securityfocus.com/bid/100586 https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32 https://hackerone.com/reports/218088
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.