Fedora Update Notification
2018-04-15 02:32:41.338102

Name        : ruby
Product     : Fedora 28
Version     : 2.5.1
Release     : 92.fc28
URL         : http://ruby-lang.org/
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

Update Information:

* Rebase to Ruby 2.5.1. * Several CVE fixes. * Conflict requirement needs to
generate dependency. * Stop using --with-setjmp-type=setjmp on aarch64.

  [ 1 ] Bug #1561947 - CVE-2018-6914 ruby: Unintentional file and directory 
creation with directory traversal in tempfile and tmpdir
  [ 2 ] Bug #1561948 - CVE-2018-8779 ruby: Unintentional socket creation by 
poisoned NUL byte in UNIXServer and UNIXSocket
  [ 3 ] Bug #1561949 - CVE-2018-8780 ruby: Unintentional directory traversal by 
poisoned NUL byte in Dir
  [ 4 ] Bug #1561950 - CVE-2018-8777 ruby: DoS by large request in WEBrick
  [ 5 ] Bug #1561952 - CVE-2017-17742 ruby: HTTP response splitting in WEBrick
  [ 6 ] Bug #1561953 - CVE-2018-8778 ruby: Buffer under-read in String#unpack

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade ruby' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org

Reply via email to