Lucene search

UbuntuUSN-3621-2

HistoryApr 13, 2018 - 12:00 a.m.

Ruby regression

2018-04-1300:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.2%

JSON

Releases

Ubuntu 14.04 ESM

Packages

ruby1.9.1 - Object-oriented scripting language
ruby2.0 - Object-oriented scripting language

Details

USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due
to an incomplete patch for CVE-2018-1000074. This update reverts the
problematic patch pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Ruby incorrectly handled certain inputs. An attacker
could possibly use this to access sensitive information. (CVE-2018-1000073)

It was discovered that Ruby incorrectly handled certain files. An attacker
could possibly use this to execute arbitrary code. (CVE-2018-1000074)

It was discovered that Ruby incorrectly handled certain files. An attacker
could possibly use this to cause a denial of service. (CVE-2018-1000075)

It was discovered that Ruby incorrectly handled certain crypto signatures.
An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000076)

It was discovered that Ruby incorrectly handled certain inputs. An attacker
could possibly use this to execute arbitrary code. (CVE-2018-1000077,
CVE-2018-1000078, CVE-2018-1000079)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlibruby1.9.1< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchlibruby1.9.1-dbg< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchlibruby1.9.1-dbgsym< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchlibtcltk-ruby1.9.1< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchlibtcltk-ruby1.9.1-dbgsym< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchruby1.9.1< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchruby1.9.1-dbgsym< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchruby1.9.1-dev< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchruby1.9.1-dev-dbgsym< 1.9.3.484-2ubuntu1.10UNKNOWN
Ubuntu14.04noarchlibruby2.0< 2.0.0.484-1ubuntu2.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	libruby1.9.1	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	libruby1.9.1-dbg	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	libruby1.9.1-dbgsym	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	libtcltk-ruby1.9.1	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	libtcltk-ruby1.9.1-dbgsym	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	ruby1.9.1	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	ruby1.9.1-dbgsym	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	ruby1.9.1-dev	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	ruby1.9.1-dev-dbgsym	< 1.9.3.484-2ubuntu1.10	UNKNOWN
Ubuntu	14.04	noarch	libruby2.0	< 2.0.0.484-1ubuntu2.8	UNKNOWN