{"id":"MGASA-2018-0411","summary":"Updated ruby packages fix security vulnerability","details":"Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker\ncan inject a crafted key and value into an HTTP response for the HTTP\nserver of WEBrick (CVE-2017-17742).\n\nDirectory traversal vulnerability in the Dir.mktmpdir method in the tmpdir\nlibrary in Ruby before 2.2.10 might allow attackers to create arbitrary\ndirectories or files via a .. (dot dot) in the prefix argument\n(CVE-2018-6914).\n\nIn Ruby before 2.2.10, an attacker can pass a large HTTP request with a\ncrafted header to WEBrick server or a crafted body to WEBrick\nserver/handler and cause a denial of service (memory consumption)\n(CVE-2018-8777).\n\nIn Ruby before 2.2.10, an attacker controlling the unpacking format\n(similar to format string vulnerabilities) can trigger a buffer under-read\nin the String#unpack method, resulting in a massive and controlled\ninformation disclosure (CVE-2018-8778).\n\nIn Ruby before 2.2.10, the UNIXServer.open and UNIXSocket.open methods are\nnot checked for null characters. It may be connected to an unintended\nsocket (CVE-2018-8779).\n\nIn Ruby before 2.2.10, the Dir.open, Dir.new, Dir.entries and Dir.empty?\nmethods do not check NULL characters. When using the corresponding method,\nunintentional directory traversal may be performed (CVE-2018-8780).\n\nDue to a bug in the equality check of OpenSSL::X509::Name, if a malicious\nX.509 certificate is passed to compare with an existing certificate, there\nis a possibility to be judged incorrectly that they are equal\n(CVE-2018-16395).\n\nIn Array#pack and String#unpack with some formats, the tainted flags of\nthe original data are not propagated to the returned string/array\n(CVE-2018-16396).\n","modified":"2026-04-16T06:24:13.040782300Z","published":"2018-10-26T18:47:14Z","upstream":["CVE-2017-17742","CVE-2018-16395","CVE-2018-16396","CVE-2018-6914","CVE-2018-8777","CVE-2018-8778","CVE-2018-8779","CVE-2018-8780"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0411.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22844"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"}],"affected":[{"package":{"name":"ruby","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ruby?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.10-16.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0411.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}