logo
DATABASE RESOURCES PRICING ABOUT US

Updated jruby packages fix security vulnerabilities

Description

Response Splitting attack in the HTTP server of WEBrick (CVE-2017-17742). Delete directory using symlink when decompressing tar (CVE-2019-8320). Escape sequence injection vulnerability in verbose (CVE-2019-8321). Escape sequence injection vulnerability in gem owner (CVE-2019-8322). Escape sequence injection vulnerability in API response handling (CVE-2019-8323). Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324). Escape sequence injection vulnerability in errors (CVE-2019-8325). Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication (CVE-2019-16201). HTTP Response Splitting attack in the HTTP server of WEBrick (CVE-2019-16254). Code injection vulnerability (CVE-2019-16255). A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with jruby) was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request (CVE-2020-25613).


Affected Package


OS OS Version Package Name Package Version
Mageia 7 jruby 1.7.22-7.2

Related