[SECURITY] [DLA 1352-1] jruby security update

2018-04-17T22:53:21
ID DEBIAN:DLA-1352-1:18209
Type debian
Reporter Debian
Modified 2018-04-17T22:53:21

Description

Package : jruby
Version : 1.5.6-5+deb7u2
CVE ID : CVE-2018-1000074

An unsafe object deserialization vulnerability was found in jruby, a 100% pure-Java implementation of Ruby. An attacker can use this flaw to run arbitrary code when gem owner is run on a specially crafted YAML file.

For Debian 7 "Wheezy", these problems have been fixed in version 1.5.6-5+deb7u2.

We recommend that you upgrade your jruby packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
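
The flaw class described above, unsafe YAML deserialization, is avoided by a loader that refuses object tags and by checking the shape of what was parsed. The following is an added illustration, not code from this advisory, jruby or RubyGems: it assumes the owner data is a YAML list of mappings with an email key (both samples are constructed), it uses YAML.safe_load from current Ruby's Psych, and the helper and exception names are hypothetical.

```ruby
require 'yaml'

# Raised when owner data from the server is not the plain data we expect.
class UntrustedOwnerData < StandardError; end

# Constructed sample: a well-formed owner list (plain scalars and mappings only).
GOOD_RESPONSE = <<~YAML
  - email: alice@example.com
    id: 1
  - email: bob@example.com
    id: 2
YAML

# Constructed sample: the same shape, but one entry carries a Ruby object tag.
# The class named is harmless; the point is that the tag itself is refused.
TAGGED_RESPONSE = <<~YAML
  - !ruby/object:Object
    email: mallory@example.com
YAML

# Parse an owner list from untrusted input and return the e-mail addresses.
# YAML.safe_load builds only basic types (Hash, Array, String, Integer, ...)
# and raises instead of instantiating a class named by a tag.
def parse_owner_list(text)
  doc = begin
    YAML.safe_load(text)
  rescue Psych::Exception => e
    raise UntrustedOwnerData, "rejected YAML (#{e.class})"
  end

  # Shape check: the parsed value must be a list of mappings with a string email.
  unless doc.is_a?(Array) && doc.all? { |o| o.is_a?(Hash) && o['email'].is_a?(String) }
    raise UntrustedOwnerData, 'unexpected document structure'
  end
  doc.map { |o| o['email'] }
end

if __FILE__ == $PROGRAM_NAME
  puts parse_owner_list(GOOD_RESPONSE).inspect
  begin
    parse_owner_list(TAGGED_RESPONSE)
  rescue UntrustedOwnerData => e
    puts "refused: #{e.message}"
  end
end
```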