svn commit: r450148 - head/security/vuxml
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Tue Sep 19 16:59:16 UTC 2017
Author: sunpoet
Date: Tue Sep 19 16:59:15 2017
New Revision: 450148
URL: https://svnweb.freebsd.org/changeset/ports/450148
Log:
Document Ruby vulnerability
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Sep 19 16:49:12 2017 (r450147)
+++ head/security/vuxml/vuln.xml Tue Sep 19 16:59:15 2017 (r450148)
@@ -58,6 +58,61 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="95b01379-9d52-11e7-a25c-471bafc3262f">
+ <topic>ruby -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <range><ge>2.2.0</ge><lt>2.2.8</lt></range>
+ <range><ge>2.3.0</ge><lt>2.3.5</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ruby blog:</p>
+ <blockquote cite="https://www.ruby-lang.org/en/security/">
+ <p>CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf</p>
+ <p>If a malicious format string which contains a precious specifier (*)
+ is passed and a huge minus value is also passed to the specifier,
+ buffer underrun may be caused. In such situation, the result may
+ contains heap, or the Ruby interpreter may crash.</p>
+ <p>CVE-2017-10784: Escape sequence injection vulnerability in the Basic
+ authentication of WEBrick</p>
+ <p>When using the Basic authentication of WEBrick, clients can pass an
+ arbitrary string as the user name. WEBrick outputs the passed user name
+ intact to its log, then an attacker can inject malicious escape
+ sequences to the log and dangerous control characters may be executed
+ on a victim’s terminal emulator.</p>
+ <p>This vulnerability is similar to a vulnerability already fixed, but
+ it had not been fixed in the Basic authentication.</p>
+ <p>CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode</p>
+ <p>If a malicious string is passed to the decode method of OpenSSL::ASN1,
+ buffer underrun may be caused and the Ruby interpreter may crash.</p>
+ <p>CVE-2017-14064: Heap exposure vulnerability in generating JSON</p>
+ <p>The generate method of JSON module optionally accepts an instance of
+ JSON::Ext::Generator::State class. If a malicious instance is passed,
+ the result may include contents of heap.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.ruby-lang.org/en/security/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/</url>
+ <url>https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/</url>
+ <cvename>CVE-2017-0898</cvename>
+ <cvename>CVE-2017-10784</cvename>
+ <cvename>CVE-2017-14033</cvename>
+ <cvename>CVE-2017-14064</cvename>
+ </references>
+ <dates>
+ <discovery>2017-09-14</discovery>
+ <entry>2017-09-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2bffdf2f-9d45-11e7-a25c-471bafc3262f">
<topic>rubygem-geminabox -- XSS & CSRF vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list