CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score Confidence: High
EPSS Percentile: 84.4%
Debian LTS Advisory DLA-3408-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
April 30, 2023 https://wiki.debian.org/LTS
Package : jruby
Version : 9.1.17.0-3+deb10u1
CVE ID : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255
CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755
CVE-2023-28756
Debian Bug : 972230 1014818
Several vulnerabilities were fixed in JRuby, a Java implementation of
the Ruby programming language.
CVE-2017-17742
CVE-2019-16254
HTTP Response Splitting attacks in the HTTP server of WEBrick.
CVE-2019-16201
Regular Expression Denial of Service vulnerability of WEBrick's
Digest access authentication.
CVE-2019-16255
Code injection vulnerability of Shell#[] and Shell#test.
CVE-2020-25613
HTTP Request Smuggling attack in WEBrick.
CVE-2021-31810
Trusting FTP PASV responses vulnerability in Net::FTP.
CVE-2021-32066
Net::IMAP did not raise an exception when StartTLS fails with an
unknown response.
CVE-2023-28755
Quadratic backtracking on invalid URI.
CVE-2023-28756
The Time parser mishandled invalid strings that have specific characters.
For Debian 10 buster, these problems have been fixed in version
9.1.17.0-3+deb10u1.
We recommend that you upgrade your jruby packages.
For the detailed security status of jruby please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jruby
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 10 | amd64 | ruby2.5-dev | < 2.5.5-3+deb10u3 | ruby2.5-dev_2.5.5-3+deb10u3_amd64.deb |
Debian | 8 | amd64 | ruby2.1 | < 2.1.5-2+deb8u8 | ruby2.1_2.1.5-2+deb8u8_amd64.deb |
Debian | 9 | ppc64el | ruby2.3-dbgsym | < 2.3.3-1+deb9u3 | ruby2.3-dbgsym_2.3.3-1+deb9u3_ppc64el.deb |
Debian | 10 | amd64 | libruby2.5 | < 2.5.5-3+deb10u4 | libruby2.5_2.5.5-3+deb10u4_amd64.deb |
Debian | 10 | s390x | ruby2.5-dbgsym | < 2.5.5-3+deb10u4 | ruby2.5-dbgsym_2.5.5-3+deb10u4_s390x.deb |
Debian | 10 | s390x | libruby2.5-dbgsym | < 2.5.5-3+deb10u4 | libruby2.5-dbgsym_2.5.5-3+deb10u4_s390x.deb |
Debian | 11 | i386 | libruby2.7-dbgsym | < 2.7.4-1+deb11u2 | libruby2.7-dbgsym_2.7.4-1+deb11u2_i386.deb |
Debian | 9 | ppc64el | ruby2.3 | < 2.3.3-1+deb9u3 | ruby2.3_2.3.3-1+deb9u3_ppc64el.deb |
Debian | 9 | i386 | ruby2.3-tcltk | < 2.3.3-1+deb9u3 | ruby2.3-tcltk_2.3.3-1+deb9u3_i386.deb |
Debian | 10 | s390x | libruby2.5 | < 2.5.5-3+deb10u1 | libruby2.5_2.5.5-3+deb10u1_s390x.deb |