CVE-2017-0900
Published 2017-08-31
Severity: high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
RubyGems 2.6.12 and earlier accept maliciously crafted gem specifications: a gem whose specification carries an oversized summary makes RubyGems clients that issue a `query` command against that source burn excessive CPU, which is a denial of service. Fixed upstream in RubyGems 2.6.13 (see the release note in the references).
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rubygems | rubygems | <= 2.6.12 | 2.6.13 (upstream release; see references) |
| debian | rubygems | < 3.2.0~rc.1-1 (Debian package version) | 3.2.0~rc.1-1 |
| debian | debian_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd: v3.0 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 9.1 CRITICAL (this is the score of the multi-CVE Ubuntu bundle below, which is headed by CVE-2017-0898; the standalone OSV record for CVE-2017-0900 carries 7.5)
GHSA
RubyGems Improper Input Validation vulnerability
ghsa · 2022-05-14 · CVE-2017-0900 [HIGH] · CWE-20
RubyGems versions 2.6.12 and earlier are vulnerable to maliciously crafted gem specifications that cause a denial of service attack against RubyGems clients who have issued a `query` command.
OSV
RubyGems Improper Input Validation vulnerability
osv · 2022-05-14 · CVE-2017-0900 [HIGH]
RubyGems versions 2.6.12 and earlier are vulnerable to maliciously crafted gem specifications that cause a denial of service attack against RubyGems clients who have issued a `query` command.
OSV
ruby1.9.1 vulnerabilities
osv · 2017-10-05 · CVSS 9.1 · CVE-2017-0898 [CRITICAL]
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain inp
OSV
CVE-2017-0900: RubyGems version 2
osv · 2017-08-31 · CVSS 7.5 · CVE-2017-0900 [HIGH]
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu · 2017-10-05 · CVSS 9.1 · CVE-2017-0898 [CRITICAL]
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It
Red Hat
rubygems: No size limit in summary length of gem spec
vendor_redhat · 2017-09-01 · CVSS 7.5 · CVE-2017-0900 [HIGH] · CWE-138
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.
Statement: This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional inform
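The Red Hat note above gives the mechanism: the client does formatting work on a summary whose length the gem source controls, with no cap. The following Ruby is an added example written for this page, not code from RubyGems or from the upstream fix commit. It builds a Gem::Specification with an oversized summary (the gem name is made up), runs it through a deliberately simplified word-wrap loop that models work proportional to the attacker-chosen length, counts how that work grows, and then shows the cap-before-format mitigation in the spirit of the 2.6.13 change. `wrap_text`, `truncate_summary`, the other helper names and the 100,000-character cap are this example's own choices.

```ruby
require 'rubygems'

# Constructed stand-in for a spec served by a hostile gem source: nothing
# remarkable except a huge summary. Name and version are made up for this
# example.
def crafted_spec(summary_length)
  Gem::Specification.new do |s|
    s.name    = 'crafted-summary-example'
    s.version = '0.0.1'
    s.authors = ['nobody']
    s.summary = 'A' * summary_length   # no spaces: worst case for the wrapper
  end
end

# Simplified word-wrap loop of the kind a detailed `gem query` listing runs
# over each summary. This is a model written for this example, not the code
# from lib/rubygems/text.rb. It keeps only the property that matters here:
# every emitted line re-copies the whole remaining string, so total work
# grows with the square of the summary length. `stats[:copied]` counts the
# characters copied so the growth is visible without a stopwatch.
def wrap_text(text, wrap = 68, indent = 4, stats = nil)
  lines = []
  work  = text.gsub(/[\000-\b\v-\f\r-\032]/, '.')   # neutralise control chars
  while work.length > wrap
    if (m = work.match(/\A(.{0,#{wrap}})[ \n]/))
      lines << m[1].rstrip
      work = work[m[0].length..-1]
    else
      lines << work[0, wrap]
      work = work[wrap..-1]
    end
    stats[:copied] += work.length if stats
  end
  lines << work unless work.empty?
  lines.map { |l| (' ' * indent) + l }.join("\n")
end

# Mitigation: bound the summary length before any per-line work happens.
# The cap value is this example's choice, not an upstream constant.
MAX_SUMMARY_CHARS = 100_000

def truncate_summary(text, max_length = MAX_SUMMARY_CHARS)
  return text if text.length <= max_length
  "Truncating summary to #{max_length} characters:\n#{text[0, max_length]}"
end

# Vulnerable path: whatever the remote spec says, format it in full.
def render_summary_unbounded(spec, stats = nil)
  wrap_text(spec.summary.to_s, 68, 4, stats)
end

# Hardened path: cap first, then format. Work is now bounded by the cap,
# not by the remote index.
def render_summary_bounded(spec, stats = nil, max_length = MAX_SUMMARY_CHARS)
  wrap_text(truncate_summary(spec.summary.to_s, max_length), 68, 4, stats)
end

# Characters copied while wrapping an all-one-word summary of n chars. For n a
# multiple of 68 with k = n / 68 chunks, every pass copies the remainder, so
# the total is 68 * k * (k - 1) / 2: quadratic in the summary length.
def copy_cost(summary_length)
  s = { copied: 0 }
  render_summary_unbounded(crafted_spec(summary_length), s)
  s[:copied]
end

if $PROGRAM_NAME == __FILE__
  [680, 6_800, 68_000].each do |n|
    puts "summary of #{n} chars: #{copy_cost(n)} chars copied while wrapping"
  end
  s = { copied: 0 }
  render_summary_bounded(crafted_spec(5_000_000), s, 6_800)
  puts "5,000,000-char summary with a 6,800-char cap: #{s[:copied]} chars copied"
end
```

Running the file shows the copied-character count growing by roughly 110x for a 10x longer summary, while the capped path does the same bounded amount of work for a 5,000,000-character summary as for one of 6,800. The same reasoning applies to any field of a remote spec that is rendered without a length check: cap the input before any per-line or per-token loop, and do not treat the remote index as trustworthy input.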
Debian
CVE-2017-0900: rubygems - RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem spe...
vendor_debian · 2017 · CVSS 7.5 · CVE-2017-0900 [HIGH]
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
Scope: local
bookworm: resolved (fixed in 3.2.0~rc.1-1)
bullseye: resolved (fixed in 3.2.0~rc.1-1)
forky: resolved (fixed in 3.2.0~rc.1-1)
sid: resolved (fixed in 3.2.0~rc.1-1)
trixie: resolved (fixed in 3.2.0~rc.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 rubygems: various flaws [fedora-all]
bugzilla · 2017-09-01 · CVSS 9.8 · CVE-2017-0899 [CRITICAL]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2017-0900 rubygems: No size limit in summary length of gem spec
bugzilla · 2017-09-01 · CVSS 7.5 · CVE-2017-0900 [HIGH]
RubyGems version 2.6.12 and earlier is vulnerable to maliciously
crafted gem specifications to cause a denial of service attack against
RubyGems clients who have issued a `query` command.
Upstream patch:
https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251
Bug report:
https://hackerone.com/reports/243003
External References:
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
Discussion:
Created ruby193-rubygems tracking bugs for this issue:
Affects: openshift-1 [bug 1487592]
Created rubygems tracking bugs for this issue:
Affects: fedora-all [bug 1487591]
Affects: openshift-1 [bug 1487593]
---
This issue has been addressed in the following products:
Red Hat Software Coll
References
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
http://www.securityfocus.com/bid/100579
http://www.securitytracker.com/id/1039249
https://access.redhat.com/errata/RHSA-2017:3485
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0585
https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251
https://hackerone.com/reports/243003
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://security.gentoo.org/glsa/201710-01
https://www.debian.org/security/2017/dsa-3966