==========================================================================
Ubuntu Security Notice USN-8556-1
July 16, 2026

ruby2.3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby2.3: Object-oriented scripting language

Details:

It was discovered that the Net::IMAP client in Ruby did not properly
sanitize Symbol arguments passed to IMAP commands. A remote attacker
controlling a malicious IMAP server, or able to influence command
arguments, could use this to inject arbitrary IMAP commands via CRLF
sequences. (CVE-2026-42258)

It was discovered that the Zlib::GzipReader in Ruby did not correctly
ensure sufficient buffer capacity in the zstream_buffer_ungets function.
An attacker could use this to craft a gzip stream that, when processed,
could cause a buffer overflow, resulting in memory corruption and possibly
arbitrary code execution. (CVE-2026-27820)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  libruby2.3                      2.3.1-2~ubuntu16.04.16+esm15
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8556-1
  CVE-2026-27820, CVE-2026-42258

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to