Vulnerability Manager Plus

Ruby security update (CESA-2018:0378) rubygems-devel-2.0.14.1-33.el7_4.noarch.rpm

Risk Information

Base Score

9.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

Exploitation Probability

18.555%

CVE Information

Source CVE
CVE-2017-0901

Associated CVE
CVE-2017-0901
CVE-2017-17405
CVE-2017-0898

Patch Details

No records found

References

http://blog.rubygems.org/2017/08/27/2.6.13-released.html
http://www.securityfocus.com/bid/100580
http://www.securityfocus.com/bid/100862
http://www.securityfocus.com/bid/102204
http://www.securitytracker.com/id/1039249
http://www.securitytracker.com/id/1039363
http://www.securitytracker.com/id/1042004
https://access.redhat.com/errata/RHSA-2017:3485
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0584
https://access.redhat.com/errata/RHSA-2018:0585
https://github.com/mruby/mruby/issues/3722
https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
https://hackerone.com/reports/212241
https://hackerone.com/reports/243156
https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html
https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://security.gentoo.org/glsa/201710-01
https://security.gentoo.org/glsa/201710-18
https://usn.ubuntu.com/3553-1/
https://www.debian.org/security/2017/dsa-3966
https://www.debian.org/security/2017/dsa-4031
https://www.debian.org/security/2018/dsa-4259
https://www.exploit-db.com/exploits/42611/
https://www.exploit-db.com/exploits/43381/
https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/