Ubuntu Update For Ruby2.0 USN-2397-1 Network Vulnerability

Summary

Check the version of ruby2.0

Solution

Please Install the Updated Packages.

Insight

Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975) Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. (CVE-2014-8080)

Affected

ruby2.0 on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS

Detection

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

Severity

Classification

CVE CVE-2014-4975, CVE-2014-8080
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for curl USN-2097-1
Ubuntu Update for cups USN-2144-1
Ubuntu Update for compiz-fusion-plugins-main vulnerability USN-688-1
Ubuntu Update for bzip2 vulnerability USN-986-1
Ubuntu Update for apache2 USN-1765-1

Ubuntu Update for ruby2.0 USN-2397-1

Take action and discover your vulnerabilities