2157 matches found

Hacker One
added 2018/02/18 10:55 a.m., 42 views

RubyGems: Delete directory using symlink when decompressing tar

In 2.7.6, the safety of the symlink is confirmed with mkdir_p_safe; before that, FileUtils.rm_rf destination is run. Therefore, if tmp/dir is specified after the symlink tmp -> /tmp, the following /tmp/dir is deleted. Proof of concept (builder.rb): require 'rubygems/package' class GemBuiler def initialize spec,...

CVSS 8.8, AI score 0.8, EPSS 0.06225
Exploits: 1
OpenVAS
added 2018/02/06 12:00 a.m., 35 views

Debian: Security Advisory (DLA-1112-1)

The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...

CVSS 7.5, AI score 8.9, EPSS 0.20215
Exploits: 3, References: 3
CNVD
added 2018/02/05 12:00 a.m., 2 views

RubyGems echor 'backplane.rb' remote command injection vulnerability

RubyGems echor is a Ruby-based Echo application developed by software developer Pedro Del Gallego. A remote command injection vulnerability exists in RubyGems echor, which stems from the program failing to adequately filter user-submitted input data. An attacker could use this vulnerability to...

CVSS 7.8, AI score 8.2, EPSS 0.00121
Exploits: 0, References: 1
CNVD
added 2018/02/05 12:00 a.m., 1 view

RubyGems echor Plaintext Credential Local Information Disclosure Vulnerability

RubyGems echor is a Ruby-based Echo application developed by software developer Pedro Del Gallego. A local information disclosure vulnerability involving plaintext credentials exists in RubyGems echor. A local attacker can exploit this vulnerability to obtain sensitive information such as credentials...

CVSS 7.8, AI score 6, EPSS 0.00048
Exploits: 0, References: 1
Tenable Nessus
added 2018/01/15 12:00 a.m., 38 views

Fedora 27 : rubygems (2017-81cf93b7c2)

Update to RubyGems 2.6.13. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 9.8, AI score 6.9, EPSS 0.20215
Exploits: 5, References: 5
OSV
added 2017/12/31 3:14 p.m., 7 views

MGASA-2017-0482 Updated ruby-RubyGems packages fix security vulnerabilities

An ANSI escape sequence vulnerability (CVE-2017-0899). A DoS vulnerability in the query command (CVE-2017-0900). A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901). A DNS request hijacking vulnerability (CVE-2017-0902). An unsafe object...

CVSS 9.8, AI score 8.6, EPSS 0.20215
Exploits: 6, References: 4
Mageia
added 2017/12/31 3:14 p.m., 44 views

Updated ruby-RubyGems packages fix security vulnerabilities

An ANSI escape sequence vulnerability (CVE-2017-0899). A DoS vulnerability in the query command (CVE-2017-0900). A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901). A DNS request hijacking vulnerability (CVE-2017-0902). An unsafe object...

CVSS 9.8, AI score 2.7, EPSS 0.20215
Exploits: 6, References: 3
RedHat Linux
added 2017/12/19 8:37 a.m., 2 views

rubygems: DNS hijacking vulnerability

A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain...

CVSS 8.1, AI score 7.3, EPSS 0.04996
Exploits: 1, References: 5
RedHat Linux
added 2017/12/19 8:37 a.m., 2 views

rubygems: Unsafe object deserialization through YAML formatted gem specifications

A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter...

CVSS 9.8, AI score 7.7, EPSS 0.05545
Exploits: 1, References: 5
RedHat Linux
added 2017/12/19 8:37 a.m., 3 views

rubygems: No size limit in summary length of gem spec

It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary...

CVSS 7.5, AI score 7.3, EPSS 0.1397
Exploits: 1, References: 5
RedHat Linux
added 2017/12/19 8:37 a.m., 51 views

Moderate: Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update

An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 9.8, AI score 7.2, EPSS 0.20215
Exploits: 8, References: 10
RedHat Linux
added 2017/12/19 8:37 a.m., 2 views

rubygems: Escape sequence in the "summary" field of gemspec

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...

CVSS 9.8, AI score 7.3, EPSS 0.09304
Exploits: 1, References: 5
Tenable Nessus
added 2017/11/13 12:00 a.m., 39 views

Debian DSA-4031-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-0898: aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in...

CVSS 9.8, AI score 7.6, EPSS 0.0818
Exploits: 2, References: 14
Hacker One
added 2017/11/10 11:06 p.m., 9 views

RubyGems: [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec

Hi, a JavaScript URL injection in the homepage field within a Gemspec file can be leveraged to achieve stored XSS on the default gem server web interface, referenced here. When you install RubyGems, it adds the gem server command to your system. This is the fastest way to start hosting gems. As...

AI score 6.6
Exploits: 0
Tenable Nessus
added 2017/10/27 12:00 a.m., 55 views

Amazon Linux AMI : ruby24 (ALAS-2017-915)

Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte,...

CVSS 9.8, AI score 7.8, EPSS 0.20215
Exploits: 8, References: 10
Amazon
added 2017/10/26 12:00 a.m., 62 views

Medium: ruby24

Issue Overview: Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

CVSS 9.8, AI score 9.8, EPSS 0.20215
Exploits: 8
Github Security Blog
added 2017/10/24 6:33 p.m., 27 views

Rack rubygems receiving excessively long lines triggers out-of-memory error

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet...

CVSS 5, AI score 6.1, EPSS 0.01824
Exploits: 0, References: 17, Affected Software: 1
OSV
added 2017/10/24 6:33 p.m., 21 views

GHSA-3PXH-H8HW-MJ8W Rack rubygems receiving excessively long lines triggers out-of-memory error

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet...

CVSS 5, AI score 6, EPSS 0.01824
Exploits: 0, References: 17
Hacker One
added 2017/10/21 3:56 a.m., 27 views

RubyGems: Negative size in tar header causes infinite loop

Proof of concept: the attached file loop.gem causes an infinite loop in any command that tries to iterate over the entries in the tar container (gem install loop.gem, gem unpack loop.gem, gem specification loop.gem). Summary: Gem::Package::TarHeader.from uses oct to parse fields in the tar header. oct...

AI score 6.9
Exploits: 0
CNVD
added 2017/10/12 12:00 a.m., 1 view

RubyGems Remote Code Execution Vulnerability

RubyGems is a package manager for Ruby that provides a standard format for distributing Ruby programs and libraries called "gems", and is designed to make it easy to manage gem installations and the servers used to distribute them. A remote code execution vulnerability exists in RubyGems, which c...

CVSS 9.8, AI score 9.6, EPSS 0.05545
Exploits: 1, References: 1