Ruby vulnerabilities


It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10663) It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-10933) It was discovered that Ruby incorrectly handled certain transfer-encoding headers when using Webrick. A remote attacker could possibly use this issue to bypass a reverse proxy. (CVE-2020-25613)

Affected Package

OS OS Version Package Name Package Version
Ubuntu 20.10 libruby2.7 2.7.1-3ubuntu1.2
Ubuntu 20.10 ruby2.7 2.7.1-3ubuntu1.2
Ubuntu 20.04 libruby2.7 2.7.0-5ubuntu1.3
Ubuntu 20.04 libruby2.7-dbgsym 2.7.0-5ubuntu1.3
Ubuntu 20.04 ruby2.7 2.7.0-5ubuntu1.3
Ubuntu 20.04 ruby2.7-dbgsym 2.7.0-5ubuntu1.3
Ubuntu 20.04 ruby2.7-dev 2.7.0-5ubuntu1.3
Ubuntu 20.04 ruby2.7-doc 2.7.0-5ubuntu1.3
Ubuntu 18.04 libruby2.5 2.5.1-1ubuntu1.8
Ubuntu 18.04 libruby2.5-dbgsym 2.5.1-1ubuntu1.8
Ubuntu 18.04 ruby2.5 2.5.1-1ubuntu1.8
Ubuntu 18.04 ruby2.5-dbgsym 2.5.1-1ubuntu1.8
Ubuntu 18.04 ruby2.5-dev 2.5.1-1ubuntu1.8
Ubuntu 18.04 ruby2.5-doc 2.5.1-1ubuntu1.8
Ubuntu 16.04 libruby2.3 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 libruby2.3-dbg 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 libruby2.3-dbgsym 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3-dbgsym 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3-dev 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3-dev-dbgsym 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3-doc 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3-tcltk 2.3.1-2~ubuntu16.04.15
Ubuntu 16.04 ruby2.3-tcltk-dbgsym 2.3.1-2~ubuntu16.04.15