-------------------------------------------------------------------------
Debian LTS Advisory DLA-2330-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/
August 16, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jruby
Version        : 1.7.26-1+deb9u2
CVE ID         : CVE-2017-17742 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322
                 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2019-16201
                 CVE-2019-16254 CVE-2019-16255
Debian Bug     : 925987

Several vulnerabilities were fixed in JRuby, a 100% pure-Java
implementation of Ruby.

CVE-2017-17742
CVE-2019-16254

    HTTP Response Splitting attacks in the HTTP server of WEBrick.

CVE-2019-16201

    Regular Expression Denial of Service vulnerability of WEBrick's
    Digest access authentication.

CVE-2019-8320

    Delete directory using symlink when decompressing tar.

CVE-2019-8321

    Escape sequence injection vulnerability in verbose.

CVE-2019-8322

    Escape sequence injection vulnerability in gem owner.

CVE-2019-8323

    Escape sequence injection vulnerability in API response handling.

CVE-2019-8324

    Installing a malicious gem may lead to arbitrary code execution.

CVE-2019-8325

    Escape sequence injection vulnerability in errors.

CVE-2019-16255

    Code injection vulnerability of Shell#[] and Shell#test.

For Debian 9 stretch, these problems have been fixed in version
1.7.26-1+deb9u2.

We recommend that you upgrade your jruby packages.
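
To check a collected package inventory against the fixed version on a machine without dpkg, the following added example (not part of the advisory) implements Debian's version ordering in Python. The host names and installed versions in `INVENTORY` are constructed sample data.

```python
import re
from itertools import zip_longest

FIXED = "1.7.26-1+deb9u2"  # fixed version for Debian 9 stretch, from the advisory
# Constructed sample inventory (host -> installed jruby version); not real data.
INVENTORY = {"build01": "1.7.26-1+deb9u1", "build02": "1.7.26-1+deb9u2",
             "ci03": "1.7.26-1", "dev04": "1.7.22-1"}
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # one non-digit run, then one digit run

def _split(version):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def _order(ch):
    """Weight of a non-digit character: '~' < end of run < letters < others."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings run by run; return -1, 0 or 1."""
    runs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (sa, da), (sb, db) in runs:
        for i in range(max(len(sa), len(sb))):  # non-digit run, char by char
            ca, cb = _order(sa[i:i + 1]), _order(sb[i:i + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        na, nb = int(da or 0), int(db or 0)  # digit run, compared numerically
        if na != nb:
            return -1 if na < nb else 1
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def hosts_needing_upgrade(inventory, fixed=FIXED):
    """Hosts whose installed version sorts before the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

if __name__ == "__main__":
    print(hosts_needing_upgrade(INVENTORY))
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison.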

For the detailed security status of jruby please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jruby

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS