SB2017090615 - Fedora 25 update for ruby

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2017-0899)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unknown error. A remote attacker can escape ANSI.

2) Denial of service (CVE-ID: CVE-2017-0900)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can supply a specially crafted 'query' command and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Improper input validation (CVE-ID: CVE-2017-0901)

The vulnerability allows a remote attacker to overwrite arbitrary files on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into installing a specially crafted RubyGem and overwrite arbitrary files.

4) Session hijacking (CVE-ID: CVE-2017-0902)

The vulnerability allows a remote attacker to hijack the target user's session.

The weakness exists due to improper access control. A remote attacker can hijack DNS sessions.

5) Information disclosure (CVE-ID: CVE-2017-14064)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an issue with using strdup in ext/json/ext/generator/generator.c during a JSON generate call. A remote attacker can send a specially crafted request, stop strdup after encountering a '' byte, returning a pointer to a string of length zero, which is not the length stored in space_len and expose arbitrary memory.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2017-e136d63c99