Lucene search
UbuntuUSN-6055-2HistoryMay 05, 2023 - 12:00 a.m.
Ruby regression
2023-05-0500:00:00
ubuntu.com
31
Releases
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- ruby2.3 - Object-oriented scripting language
- ruby2.5 - Object-oriented scripting language
- ruby2.7 - Object-oriented scripting language
Details
USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression.
This update reverts the patches applied to CVE-2023-28755 in order to fix the regression
pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-28755)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 20.04 | noarch | ruby2.7 | < 2.7.0-5ubuntu1.10 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libruby2.7 | < 2.7.0-5ubuntu1.10 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libruby2.7-dbgsym | < 2.7.0-5ubuntu1.10 | UNKNOWN |
| Ubuntu | 20.04 | noarch | ruby2.7-dbgsym | < 2.7.0-5ubuntu1.10 | UNKNOWN |
| Ubuntu | 20.04 | noarch | ruby2.7-dev | < 2.7.0-5ubuntu1.10 | UNKNOWN |
| Ubuntu | 20.04 | noarch | ruby2.7-doc | < 2.7.0-5ubuntu1.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | ruby2.5 | < 2.5.1-1ubuntu1.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libruby2.5 | < 2.5.1-1ubuntu1.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libruby2.5-dbgsym | < 2.5.1-1ubuntu1.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | ruby2.5-dbgsym | < 2.5.1-1ubuntu1.15 | UNKNOWN |
Related
cgr
cgr
CVE-2023-28755 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-28755
2023-03-31 04:15:09
CVE-2023-36617
2023-06-29 13:15:09
nessus
nessus
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2366)
2023-07-18 00:00:00
FreeBSD : rubygem-uri -- ReDoS vulnerability (9b60bba1-cf18-11ed-bd44-080027f5fec9)
2023-03-30 00:00:00
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2392)
2023-07-18 00:00:00
cloudfoundry
cloudfoundry
USN-6055-2: Ruby regression | Cloud Foundry
2023-06-30 00:00:00
USN-6219-1: Ruby vulnerabilities | Cloud Foundry
2023-09-28 00:00:00
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
debiancve
debiancve
CVE-2023-28755
2023-03-31 04:15:09
CVE-2023-36617
2023-06-29 13:15:09
osv
osv
ruby2.3, ruby2.5, ruby2.7 regression
2023-05-05 12:46:21
Ruby URI component ReDoS issue
2023-03-31 06:30:15
CVE-2023-28755
2023-03-31 04:15:09
github
github
Ruby URI component ReDoS issue
2023-03-31 06:30:15
URI gem has ReDoS vulnerability
2023-06-29 15:30:34
ubuntucve
ubuntucve
CVE-2023-28755
2023-03-31 00:00:00
CVE-2023-36617
2023-06-29 00:00:00
cvelist
cvelist
CVE-2023-28755
2023-03-31 00:00:00
CVE-2023-36617
2023-06-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6055-2)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2366)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2392)
2023-07-17 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:44
Regular Expression Denial Of Service (ReDoS)
2023-06-30 03:59:11
prion
prion
Authentication flaw
2023-03-31 04:15:00
Design/Logic Flaw
2023-06-29 13:15:00
freebsd
freebsd
rubygem-uri -- ReDoS vulnerability
2023-03-28 00:00:00
hackerone
hackerone
Ruby: URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS
2022-01-09 14:12:19
Internet Bug Bounty: CVE-2023-28755: ReDoS vulnerability in URI
2023-04-13 02:03:53
Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)
2023-07-17 05:09:41
alpinelinux
alpinelinux
CVE-2023-28755
2023-03-31 04:15:09
redhatcve
redhatcve
CVE-2023-28755
2023-04-03 14:43:40
CVE-2023-36617
2023-07-13 11:36:22
wolfi
wolfi
CVE-2023-28755 vulnerabilities
2024-05-20 21:07:18
ubuntu
ubuntu
Ruby vulnerabilities
2023-05-04 00:00:00
Ruby vulnerabilities
2023-05-18 00:00:00
Ruby vulnerabilities
2023-07-12 00:00:00
slackware
slackware
[slackware-security] ruby
2023-03-31 18:29:16
debian
debian
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:39:08
[SECURITY] [DLA 3408-1] jruby security update
2023-04-30 20:58:33
fedora
fedora
[SECURITY] Fedora 36 Update: ruby-3.1.4-175.fc36
2023-04-21 01:25:27
[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38
2023-04-15 02:16:08
[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37
2023-04-21 02:11:09
rubygems
rubygems
ReDoS vulnerability in URI
2023-06-28 21:00:00
rocky
rocky
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
oraclelinux
oraclelinux
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-03-20 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-04-02 00:00:00
almalinux
almalinux
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
redhat
redhat
thn
thn
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
ibm
ibm
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00