AVG-1039

Package:  ruby
Status:   Fixed
Severity: Medium
Type:     multiple issues
Affected: 2.6.4-1
Fixed:    2.6.5-1
Current:  3.3.5-2 [extra]
Ticket:   FS#63977
Created:  Wed Oct 2 11:37:12 2019

Issue           Severity  Remote  Type                      Description
CVE-2019-16255  Medium    Yes     Arbitrary code execution
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb...
CVE-2019-16254  Medium    Yes     Content spoofing
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using...
CVE-2019-16201  Medium    Yes     Denial of service
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access...
CVE-2019-15845  Medium    Yes     Insufficient validation
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An...

Date         Advisory      Package  Type
02 Oct 2019  ASA-201910-2  ruby     multiple issues

References
https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-6-5-released/