FEDORA-2018-7be77249d4 — security update for ruby

stable

ruby-2.4.4-88.fc26

FEDORA-2018-7be77249d4 created by pvalena 7 years ago for Fedora 26

Rebase to Ruby 2.4.4. Includes several CVE fixes. https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-7be77249d4

This update has been submitted for testing by pvalena.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by pvalena.

6 years ago

This update has been submitted for stable by pvalena.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

7 years ago

in testing

7 years ago

in stable

6 years ago

Builds

ruby-2.4.4-88.fc26

BZ#1561947 CVE-2018-6914 ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir

BZ#1561948 CVE-2018-8779 ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

BZ#1561949 CVE-2018-8780 ruby: Unintentional directory traversal by poisoned NULL byte in Dir

BZ#1561950 CVE-2018-8777 ruby: DoS by large request in WEBrick

BZ#1561952 CVE-2017-17742 ruby: HTTP response splitting in WEBrick

BZ#1561953 CVE-2018-8778 ruby: Buffer under-read in String#unpack

BZ#1561957 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 ruby: various flaws [fedora-all]

ruby-2.4.4-88.fc26

Automated Test Results

ignored