March 2018 Archives
Ruby 2.2.10 Released
Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.
Posted by usa on 28 Mar 2018
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
There is an unintentional directory creation vulnerability in the tmpdir library bundled with Ruby. There is also an unintentional file creation vulnerability in the tempfile library bundled with Ruby, because tempfile uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2018-6914.
Posted by usa on 28 Mar 2018
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
There is an unintentional socket creation vulnerability in the UNIXServer.open method of the socket library bundled with Ruby.
There is also an unintentional socket access vulnerability in the UNIXSocket.open method.
This vulnerability has been assigned the CVE identifier CVE-2018-8779.
Posted by usa on 28 Mar 2018
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
There is an unintentional directory traversal vulnerability in some methods of Dir.
This vulnerability has been assigned the CVE identifier CVE-2018-8780.
Posted by usa on 28 Mar 2018
CVE-2018-8777: DoS by large request in WEBrick
There is an out-of-memory DoS vulnerability triggered by a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.
Posted by usa on 28 Mar 2018
CVE-2017-17742: HTTP response splitting in WEBrick
There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17742.
Posted by usa on 28 Mar 2018
CVE-2018-8778: Buffer under-read in String#unpack
There is a buffer under-read vulnerability in the String#unpack method.
This vulnerability has been assigned the CVE identifier CVE-2018-8778.
Posted by usa on 28 Mar 2018