
ruby2.1 - security update

Description

Several flaws have been found in ruby2.1, an interpreter of an object-oriented scripting language.

* [CVE-2019-15845](https://security-tracker.debian.org/tracker/CVE-2019-15845) Path matching might pass in File.fnmatch and File.fnmatch? due to a NUL character injection.
* [CVE-2019-16201](https://security-tracker.debian.org/tracker/CVE-2019-16201) A loop caused by a wrong regular expression could lead to a denial of service of a WEBrick service.
* [CVE-2019-16254](https://security-tracker.debian.org/tracker/CVE-2019-16254) This is the same issue as [CVE-2017-17742](https://security-tracker.debian.org/tracker/CVE-2017-17742), whose fix was not complete.
* [CVE-2019-16255](https://security-tracker.debian.org/tracker/CVE-2019-16255) Giving untrusted data to the first argument of Shell#[] and Shell#test might lead to a code injection vulnerability.

For Debian 8 Jessie, these problems have been fixed in version 2.1.5-2+deb8u8.

We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


CPE Name Name Version
ruby2.1 2.1.5-2+deb8u3
ruby2.1 2.1.5-2+deb8u4
ruby2.1 2.1.5-2+deb8u2
ruby2.1 2.1.5-2+deb8u7
ruby2.1 2.1.5-2+deb8u1
ruby2.1 2.1.5-2+deb8u5
ruby2.1 2.1.5-2+deb8u6
ruby2.1 2.1.5-2
