Lucene search
DebianDEBIAN:DSA-4721-1:85B0AHistoryJul 08, 2020 - 3:31 p.m.
[SECURITY] [DSA 4721-1] ruby2.5 security update
2020-07-0815:31:57
lists.debian.org
132
EPSS
0.006
Percentile
79.5%
Debian Security Advisory DSA-4721-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
July 08, 2020 https://www.debian.org/security/faq
Package : ruby2.5
CVE ID : CVE-2020-10663 CVE-2020-10933
Several vulnerabilities have been discovered in the interpreter for the
Ruby language.
CVE-2020-10663
Jeremy Evans reported an unsafe object creation vulnerability in the
json gem bundled with Ruby. When parsing certain JSON documents, the
json gem can be coerced into creating arbitrary objects in the
target system.
CVE-2020-10933
Samuel Williams reported a flaw in the socket library which may lead
to exposure of possibly sensitive data from the interpreter.
For the stable distribution (buster), these problems have been fixed in
version 2.5.5-3+deb10u2.
We recommend that you upgrade your ruby2.5 packages.
For the detailed security status of ruby2.5 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/ruby2.5
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | mips64el | libruby2.5 | <Â 2.5.5-3+deb10u2 | libruby2.5_2.5.5-3+deb10u2_mips64el.deb |
| Debian | 10 | mips | ruby2.5-dbgsym | <Â 2.5.5-3+deb10u2 | ruby2.5-dbgsym_2.5.5-3+deb10u2_mips.deb |
| Debian | 9 | s390x | ruby2.3-tcltk-dbgsym | <Â 2.3.3-1+deb9u8 | ruby2.3-tcltk-dbgsym_2.3.3-1+deb9u8_s390x.deb |
| Debian | 9 | mipsel | ruby2.3-dbgsym | <Â 2.3.3-1+deb9u8 | ruby2.3-dbgsym_2.3.3-1+deb9u8_mipsel.deb |
| Debian | 10 | ppc64el | ruby2.5-dbgsym | <Â 2.5.5-3+deb10u2 | ruby2.5-dbgsym_2.5.5-3+deb10u2_ppc64el.deb |
| Debian | 9 | mips | ruby-json | <Â 2.0.1+dfsg-3+deb9u1 | ruby-json_2.0.1+dfsg-3+deb9u1_mips.deb |
| Debian | 9 | mips | ruby2.3-dev | <Â 2.3.3-1+deb9u8 | ruby2.3-dev_2.3.3-1+deb9u8_mips.deb |
| Debian | 10 | armhf | libruby2.5-dbgsym | <Â 2.5.5-3+deb10u2 | libruby2.5-dbgsym_2.5.5-3+deb10u2_armhf.deb |
| Debian | 9 | arm64 | ruby2.3-tcltk | <Â 2.3.3-1+deb9u8 | ruby2.3-tcltk_2.3.3-1+deb9u8_arm64.deb |
| Debian | 10 | amd64 | libruby2.5-dbgsym | <Â 2.5.5-3+deb10u2 | libruby2.5-dbgsym_2.5.5-3+deb10u2_amd64.deb |
Related
fedora
fedora
[SECURITY] Fedora 31 Update: ruby-2.6.6-125.fc31
2020-05-22 03:19:32
[SECURITY] Fedora 31 Update: rubygem-json-2.2.0-202.fc31
2020-05-03 04:55:27
[SECURITY] Fedora 30 Update: rubygem-json-2.2.0-202.fc30
2020-05-03 04:41:34
nessus
nessus
openSUSE Security Update : ruby2.5 (openSUSE-2020-586)
2020-05-04 00:00:00
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2020:0995-1)
2020-04-16 00:00:00
Fedora 31 : ruby (2020-a95706b117)
2020-05-22 00:00:00
openvas
openvas
Fedora: Security Advisory for ruby (FEDORA-2020-a95706b117)
2020-05-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0995-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for ruby2.5 (openSUSE-SU-2020:0586-1)
2020-05-02 00:00:00
debian
debian
[SECURITY] [DSA 4721-1] ruby2.5 security update
2020-07-08 15:31:57
[SECURITY] [DLA 2190-1] ruby-json security update
2020-04-28 08:12:45
[SECURITY] [DLA 2192-1] ruby2.1 security update
2020-04-30 22:01:47
suse
suse
Security update for ruby2.5 (moderate)
2020-05-02 00:00:00
osv
osv
ruby2.5 - security update
2020-07-08 00:00:00
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
2021-03-18 17:00:33
BIT-ruby-2020-10933
2024-03-06 11:06:11
ubuntu
ubuntu
Ruby vulnerabilities
2021-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-4882-1: Ruby vulnerabilities | Cloud Foundry
2021-04-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0089
2020-05-13 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0294
2020-05-14 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0089
2020-05-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-10933 affecting package ruby 2.6.3-3
2021-06-09 03:50:37
mageia
mageia
Updated ruby packages fix security vulnerability
2020-07-07 16:47:37
Updated ruby-json packages fix security vulnerability
2020-05-05 15:20:37
oraclelinux
oraclelinux
pcs security update
2020-06-12 00:00:00
ruby:2.5 security, bug fix, and enhancement update
2021-07-02 00:00:00
ruby:2.6 security, bug fix, and enhancement update
2021-07-07 00:00:00
rocky
rocky
pcs security and bug fix update
2021-07-22 18:18:27
ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
cve
cve
CVE-2020-10933
2020-05-04 15:15:13
CVE-2020-10663
2020-04-28 21:15:11
nvd
nvd
CVE-2020-10933
2020-05-04 15:15:13
CVE-2020-10663
2020-04-28 21:15:11
alpinelinux
alpinelinux
CVE-2020-10933
2020-05-04 15:15:13
CVE-2020-10663
2020-04-28 21:15:11
ibm
ibm
Security Bulletin: IBM Sterling Global Mailbox vulnerable to security bypass due to Apache Zookeeper (CVE-2020-10663)
2023-01-04 06:11:50
Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime
2021-10-13 14:44:47
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-01-26 10:16:23
redhat
redhat
(RHSA-2020:2462) Moderate: pcs security and bug fix update
2020-06-10 08:54:00
(RHSA-2020:2473) Moderate: pcs security and bug fix update
2020-06-10 09:17:23
(RHSA-2020:2670) Moderate: pcs security and bug fix update
2020-06-23 12:35:01
cvelist
cvelist
CVE-2020-10933
2020-05-04 14:54:00
CVE-2020-10663
2020-04-28 20:58:30
redhatcve
redhatcve
CVE-2020-10933
2020-05-08 11:10:59
CVE-2020-10663
2020-04-24 04:33:39
veracode
veracode
Information Disclosure
2020-08-06 21:34:05
Denial Of Service (DoS)
2020-03-23 03:14:43
ubuntucve
ubuntucve
CVE-2020-10933
2020-05-04 00:00:00
CVE-2020-10663
2020-04-28 00:00:00
debiancve
debiancve
CVE-2020-10933
2020-05-04 15:15:13
CVE-2020-10663
2020-04-28 21:15:11
prion
prion
Heap overflow
2020-05-04 15:15:00
Design/Logic Flaw
2020-04-28 21:15:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Json Project Json
2020-03-24 09:53:23
rubygems
rubygems
Heap exposure vulnerability in the socket library
2020-03-30 21:00:00
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
2020-03-18 21:00:00
amazon
amazon
Medium: rubygem-json
2020-08-26 23:09:00
Medium: ruby19, ruby21
2020-08-26 23:10:00
Medium: ruby20
2020-08-10 23:07:00
freebsd
freebsd
github
github
Unsafe object creation in json RubyGem
2020-07-27 18:08:21
almalinux
almalinux
Moderate: ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
Moderate: ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
kitploit
kitploit
apple
apple
About the security content of macOS Big Sur 11.0.1 - Apple Support
2021-02-18 06:14:03
About the security content of macOS Big Sur 11.0.1
2020-11-12 00:00:00