ruby-2.0.0.648-33.0.1.el7.AXS7

Errata ID: AXSA:2018-2583:01

Release date: Thursday, March 1, 2018 - 18:55
Subject: ruby-2.0.0.648-33.0.1.el7.AXS7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)

* A buffer underflow was found in ruby's sprintf function. An attacker with the ability to control its format string parameter could send a specially crafted string that discloses heap memory or crashes the interpreter. (CVE-2017-0898)

* It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)

* A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)

* A vulnerability was found where the rubygems module was vulnerable to unsafe YAML deserialization when inspecting a gem. Applications that inspect gem files without installing them can be tricked into executing arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)

* It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)

* It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to a buffer underrun. An attacker could pass a specially crafted string to the application to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)

* A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)

* It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)

* A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)

* The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)
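The CVE-2017-0903 item above concerns code that deserializes gem metadata with YAML and thereby instantiates whatever classes the document names. The following is an added example, not code from this advisory or from RubyGems, showing the defensive pattern a gem-inspecting tool would use: Psych.safe_load with an explicit permitted-class list, so that an unexpected `!ruby/object` tag is rejected rather than built. The module name `SafeSpecInspector`, the field names and both sample documents are constructed for illustration.

```ruby
# Added example, not from the advisory or from RubyGems: inspecting untrusted
# gem-style metadata YAML without building arbitrary Ruby objects, which is the
# class of problem CVE-2017-0903 describes. Psych.safe_load constructs only
# core types plus the classes listed in permitted_classes, so an unexpected
# !ruby/object tag raises instead of instantiating. The module name, the
# field names and the sample documents below are constructed for illustration.
require "psych"

module SafeSpecInspector
  # The only non-core classes a metadata document legitimately needs here.
  PERMITTED = [Time, Symbol].freeze

  Result = Struct.new(:ok, :data, :error)

  # Parse metadata text defensively; returns a Result rather than raising, so
  # a caller can log the rejection and move on to the next gem.
  def self.inspect_yaml(text)
    data = Psych.safe_load(text, permitted_classes: PERMITTED, aliases: false)
    Result.new(true, data, nil)
  rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
    Result.new(false, nil, e.class.name)
  end
end

# Constructed sample: benign metadata, including a timestamp (which is why
# Time must be in the permitted list).
BENIGN_METADATA = <<~YAML
  name: example-gem
  version: 1.2.3
  summary: A constructed sample specification
  date: 2018-03-01 18:55:00 Z
YAML

# Constructed sample: the same document tagged to instantiate an arbitrary
# class. The class name is a placeholder, not a real class.
TAGGED_METADATA = <<~YAML
  --- !ruby/object:Placeholder::NotARealClass
  name: example-gem
YAML

if $PROGRAM_NAME == __FILE__
  puts SafeSpecInspector.inspect_yaml(BENIGN_METADATA).inspect
  puts SafeSpecInspector.inspect_yaml(TAGGED_METADATA).inspect
end
```

Keeping the permitted list as small as the document format requires is the point: every class added to it is a class the document is allowed to instantiate, and a rejected document should be logged and skipped rather than retried with a looser loader.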

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

CVE-2017-0900

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

CVE-2017-0901

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

CVE-2017-0903

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

CVE-2017-14033

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
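CVE-2017-17405 and CVE-2017-17790 share one root cause: a file name that an external party can influence is handed to Kernel#open, which treats a leading "|" as a command to run, whereas File.open only ever opens a file. The following is an added example, not code from this advisory or from Ruby's Net::FTP or resolv libraries, showing how an application that downloads files can derive and open the local file name defensively: validate the server-supplied name, then write it under a fixed directory with File.open. The module name `SafeLocalName`, its methods and the sample names are constructed for illustration.

```ruby
# Added example, not code from the advisory or from Ruby's Net::FTP / resolv
# libraries: a defensive way to derive and open the local file name for a
# download. The module name SafeLocalName and its methods are assumptions for
# illustration. Both CVE-2017-17405 and CVE-2017-17790 come from handing a
# name that an external party influences to Kernel#open, which interprets a
# leading "|" as a command to run; File.open has no such behaviour.
require "tmpdir"

module SafeLocalName
  class RejectedName < ArgumentError; end

  # Reduce a server-supplied path to a bare file name and refuse anything
  # that could be read as something other than an ordinary file name.
  def self.from_remote(remotefile)
    raise RejectedName, "empty name" if remotefile.nil? || remotefile.empty?
    raise RejectedName, "NUL byte in name" if remotefile.include?("\0")

    name = File.basename(remotefile) # the default Net::FTP#get would compute
    raise RejectedName, "reserved name #{name.inspect}" if name.empty? || name == "." || name == ".."
    raise RejectedName, "path separator in name" if name.include?("/") || name.include?("\\")
    raise RejectedName, "name begins with '|'" if name.start_with?("|")
    raise RejectedName, "control character in name" if name =~ /[[:cntrl:]]/
    name
  end

  # Write the downloaded bytes under a fixed directory. File.open is used on
  # purpose: unlike Kernel#open it never spawns a process for a "|" prefix,
  # so even a name that slipped past validation could not become a command.
  def self.write(download_dir, remotefile, data)
    path = File.join(download_dir, from_remote(remotefile))
    File.open(path, "wb") { |f| f.write(data) }
    path
  end

  # Classify names the way a client would see them arriving in a server
  # listing; the result is what a download job would log or alert on.
  def self.classify(names)
    names.each_with_object({}) do |n, out|
      out[n] = begin
        "accepted as #{from_remote(n)}"
      rescue RejectedName => e
        "rejected (#{e.message})"
      end
    end
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample names; the last two carry the "|" prefix the advisory describes.
  puts SafeLocalName.classify(["pub/report.txt", "..", "|placeholder", "sub/|placeholder"])
end
```

The validation is belt-and-braces: the decisive fix is the File.open call, which cannot be turned into a process spawn, while the name checks keep a hostile listing from choosing names outside the download directory or names that misbehave when printed in logs or terminals.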

Solution:

Update packages.

Additional Info: N/A

Download:

SRPMS
  1. ruby-2.0.0.648-33.0.1.el7.AXS7.src.rpm
    MD5: 2731e45a5e841683b79cafac9ef56442
    SHA-256: b05ca266df7ad3ac58a4a8f4657af807b062b48183d09fb6616abc0ced40834e
    Size: 10.20 MB

Asianux Server 7 for x86_64
  1. ruby-2.0.0.648-33.0.1.el7.AXS7.x86_64.rpm
    MD5: 6065d3d3105e8c871e21b256d3e289ea
    SHA-256: 34ead422d06508829b614677122dc1547917b741c1b0e6fe1ad0f82634691e7a
    Size: 70.08 kB
  2. rubygem-bigdecimal-1.2.0-33.0.1.el7.AXS7.x86_64.rpm
    MD5: 3086a86ebc0bd0c2d4e607dd763300f1
    SHA-256: 57a062d634b7b94b9d0da8acf64f0d4993ed564618045ade05f5c44d08bd1c8d
    Size: 81.91 kB
  3. rubygem-io-console-0.4.2-33.0.1.el7.AXS7.x86_64.rpm
    MD5: be8b9d9f6fcef751e2cc2bd7fdb54913
    SHA-256: df5c4017e6be449597b8b9f783af05433f3c5177aa1c08564bf771c28cab0c2c
    Size: 52.97 kB
  4. rubygem-json-1.7.7-33.0.1.el7.AXS7.x86_64.rpm
    MD5: 083cc5b74eb8a2d24ca793d7b40cb111
    SHA-256: 432193f7bdbef3a0e8a67c2230802280e0b4f2f0d26bce10ba9c9278278343cf
    Size: 78.49 kB
  5. rubygem-psych-2.0.0-33.0.1.el7.AXS7.x86_64.rpm
    MD5: e80dc2ac22a319eedb43a990ab321085
    SHA-256: 6051819ef2c645b4f6d1197ae0c6a035df53173c73ee77f0c0e5e6f7a483031b
    Size: 81.45 kB
  6. rubygem-rdoc-4.0.0-33.0.1.el7.AXS7.noarch.rpm
    MD5: b2ec45692e2830b9053aeceac60bb938
    SHA-256: df39bffb293a07db3a3f5d06730966d25d9c0f5bf1df68e5eb909f59181a887a
    Size: 320.80 kB
  7. rubygems-2.0.14.1-33.0.1.el7.AXS7.noarch.rpm
    MD5: 037239069a6da7f1dd99d31fcec58189
    SHA-256: c3e8b66f07b302e302072d7ac65c91e75df6103b596db00e69e94f09289e9fc3
    Size: 218.38 kB
  8. ruby-irb-2.0.0.648-33.0.1.el7.AXS7.noarch.rpm
    MD5: 0933aa1b8f16701f34c51254d14022ad
    SHA-256: e399925b66a4ab19715adef1fba827f02e803f5d444a8ea3a743bc2d2acce0bf
    Size: 91.08 kB
  9. ruby-libs-2.0.0.648-33.0.1.el7.AXS7.x86_64.rpm
    MD5: 794cf265523c4959d97ec6432a287f9c
    SHA-256: c66cceb1a416532b5052b5b6923d7dc9b4eefeaf3d42ec94c2371a7da856b4f2
    Size: 2.79 MB
  10. ruby-libs-2.0.0.648-33.0.1.el7.AXS7.i686.rpm
    MD5: a6a5a48532721623cf914b2305892f88
    SHA-256: d8a14c3047fec8343f3ab60d890e7a68e9f10d2c57e010539133dbd0465dd560
    Size: 2.83 MB