Closed
Opened Mar 29, 2018 by Natanael Copa (@ncopa, Owner)

[3.7] Ruby 2.2.9, 2.3.6, 2.4.3, 2.5.0 Multiple Vulnerabilities

Ruby has multiple vulnerabilities:

  • CVE-2017-17742: HTTP response splitting in WEBrick
  • CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  • CVE-2018-8777: DoS by large request in WEBrick
  • CVE-2018-8778: Buffer under-read in String#unpack
  • CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
  • CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
  • Multiple vulnerabilities in RubyGems

Fixed in ruby 2.5.1, 2.4.4, 2.3.7, 2.2.10

(from redmine: issue id 8747, created on 2018-03-29, closed on 2018-04-03)

  • Relations:
    • parent #8746 (closed)
  • Changesets:
    • Revision 8e71f2e5 by Natanael Copa on 2018-03-29T14:19:52Z:

      main/ruby: security upgrade to 2.5.1

      CVE-2017-17742: HTTP response splitting in WEBrick

      CVE-2018-6914: Unintentional file and directory creation with directory
                     traversal in tempfile and tmpdir

      CVE-2018-8777: DoS by large request in WEBrick

      CVE-2018-8778: Buffer under-read in String#unpack

      CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
                     UNIXServer and UNIXSocket

      CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
                     Dir

      ref #8747

    • Revision 0bba1702 by Natanael Copa on 2018-03-29T14:25:15Z:

      main/ruby: security upgrade to 2.4.4

      CVE-2017-17742: HTTP response splitting in WEBrick

      CVE-2018-6914: Unintentional file and directory creation with directory
                     traversal in tempfile and tmpdir

      CVE-2018-8777: DoS by large request in WEBrick

      CVE-2018-8778: Buffer under-read in String#unpack

      CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
                     UNIXServer and UNIXSocket

      CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
                     Dir

      fixes #8747

Milestone: 3.7.1 (Past due)
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#8747