DSA-3966-1 ruby2.3 -- ruby2.3
ID: oval:org.secpod.oval:def:53129 | Date: (C)2019-04-04 (M)2024-01-29 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered in the interpreter for the Ruby language:

CVE-2015-9096: SMTP command injection in Net::SMTP.
CVE-2016-7798: Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension.
CVE-2017-0900: Denial of service in the RubyGems client.
CVE-2017-0901: Potential file overwrite in the RubyGems client.
CVE-2017-0902: DNS hijacking in the RubyGems client.
CVE-2017-14064: Heap memory disclosure in the JSON library.