USN-3808-1: Ruby vulnerabilities
5 November 2018
Several security issues were fixed in Ruby.
Releases
Packages
Details
It was discovered that Ruby incorrectly handled certain X.509
certificates. An attacker could possibly use this issue to
bypass the certificate check. (CVE-2018-16395)
It was discovered that Ruby incorrectly handled certain
inputs. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2018-16396)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04
-
libruby1.9.1
-
1.9.3.484-2ubuntu1.13
-
libruby2.0
-
2.0.0.484-1ubuntu2.11
-
ruby1.9.1
-
1.9.3.484-2ubuntu1.13
-
ruby1.9.3
-
1.9.3.484-2ubuntu1.13
-
ruby2.0
-
2.0.0.484-1ubuntu2.11
In general, a standard system update will make all the necessary changes.