{"id":"MGASA-2019-0408","summary":"Updated ruby packages fix security vulnerabilities","details":"Updated ruby packages fix security vulnerabilities:\n\nIt was discovered that Ruby incorrectly handled certain files. An attacker\ncould possibly use this issue to pass path matching, which can lead to\nunauthorized access (CVE-2019-15845).\n\nIt was discovered that Ruby incorrectly handled certain regular expressions.\nAn attacker could use this issue to cause a denial of service\n(CVE-2019-16201).\n\nIt was discovered that Ruby incorrectly handled certain HTTP headers. An\nattacker could possibly use this issue to execute arbitrary code\n(CVE-2019-16254).\n\nIt was discovered that Ruby incorrectly handled certain inputs. An attacker\ncould possibly use this issue to execute arbitrary code (CVE-2019-16255).\n","modified":"2026-02-04T04:19:34.711316Z","published":"2019-12-25T19:08:41Z","related":["CVE-2019-15845","CVE-2019-16201","CVE-2019-16254","CVE-2019-16255"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0408.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25564"},{"type":"REPORT","url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/"},{"type":"REPORT","url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/"},{"type":"REPORT","url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/"},{"type":"REPORT","url":"https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/"},{"type":"REPORT","url":"https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/"},{"type":"REPORT","url":"https://usn.ubuntu.com/4201-1/"}],"affected":[{"package":{"name":"ruby","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ruby?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.7-20.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0408.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}