AVG-1040 log

Package:  ruby2.5
Status:   Fixed
Severity: Medium
Type:     multiple issues
Affected: 2.5.6-1
Fixed:    2.5.7-1
Current:  Removed
Ticket:   FS#63977
Created:  Wed Oct 2 11:37:40 2019
Issue           Severity  Remote  Type                      Description
CVE-2019-16255  Medium    Yes     Arbitrary code execution
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb...
CVE-2019-16254  Medium    Yes     Content spoofing
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using...
CVE-2019-16201  Medium    Yes     Denial of service
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access...
CVE-2019-15845  Medium    Yes     Insufficient validation
    It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An...
CVE-2015-9251   Medium    Yes     Cross-site scripting
    jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing...
CVE-2012-6708   Medium    Yes     Cross-site scripting
    jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a...
Date         Advisory       Package  Type
02 Oct 2019  ASA-201910-5   ruby2.5  multiple issues
References
https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
Notes
RDoc is a static documentation generation tool, so patching the tool itself is insufficient to mitigate these vulnerabilities. Documentation generated with previous versions has to be regenerated with the newer RDoc.