Ruby: Multiple vulnerabilities — GLSA 201710-18

Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code.

Affected packages

dev-lang/ruby on all architectures
Affected versions < 2.2.8
Unaffected versions >= 2.2.8

Background

Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (“WEBRick”) and a class for XML parsing (“REXML”).

Description

Multiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Ruby users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.2.8"
 

References

Release date
October 18, 2017

Latest revision
October 18, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries