
[SECURITY] [DLA 1112-1] rubygems security update




Package        : rubygems
Version        : 1.8.24-1+deb7u1
CVE ID         : CVE-2017-0900 CVE-2017-0901
Debian Bug     : 873802

Some vulnerabilities were found in the Rubygems package that affect
the LTS distribution.

CVE-2017-0900

    DoS vulnerability in the query command

CVE-2017-0901

    gem installer allows a malicious gem to overwrite arbitrary files

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.24-1+deb7u1.

We recommend that you upgrade your rubygems packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

