- Vulnerability/
- USN-6181-1
USN-6181-1: Ruby vulnerabilities
First published: Wed Jun 21 2023(Updated: )
Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. (CVE-2021-33621) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755, CVE-2023-28756)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/ruby3.1 | <3.1.2-6ubuntu0.23.04.1 | 3.1.2-6ubuntu0.23.04.1 |
| Ubuntu | =23.04 | |
| All of | ||
| ubuntu/libruby3.1 | <3.1.2-6ubuntu0.23.04.1 | 3.1.2-6ubuntu0.23.04.1 |
| Ubuntu | =23.04 | |
| All of | ||
| ubuntu/ruby3.1 | <3.1.2-2ubuntu0.22.10.1 | 3.1.2-2ubuntu0.22.10.1 |
| Ubuntu | =22.10 | |
| All of | ||
| ubuntu/libruby3.1 | <3.1.2-2ubuntu0.22.10.1 | 3.1.2-2ubuntu0.22.10.1 |
| Ubuntu | =22.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-28755
- https://ubuntu.com/security/CVE-2021-33621
- https://ubuntu.com/security/CVE-2023-28756
- https://ubuntu.com/security/notices/USN-6055-1
- https://ubuntu.com/security/notices/USN-6055-2
- https://ubuntu.com/security/notices/USN-6087-1
- https://ubuntu.com/security/notices/USN-6219-1
- https://ubuntu.com/security/notices/USN-5806-1
- https://ubuntu.com/security/notices/USN-5806-2
- https://ubuntu.com/security/notices/USN-5806-3
- https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-6ubuntu0.23.04.1
- https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-2ubuntu0.22.10.1
- https://ubuntu.com/security/notices/USN-6181-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-6181-1.
What software versions are affected by this vulnerability?
The software versions affected are ruby3.1 (version 3.1.2-6ubuntu0.23.04.1) and libruby3.1 (version 3.1.2-6ubuntu0.23.04.1) in Ubuntu 23.04, as well as ruby3.1 (version 3.1.2-2ubuntu0.22.10.1) and libruby3.1 (version 3.1.2-2ubuntu0.22.10.1) in Ubuntu 22.10.
What is the impact of this vulnerability?
This vulnerability could allow an attacker to maliciously modify the response a user would receive from a vulnerable application that generates HTTP responses using the cgi gem.
How can I fix this vulnerability?
To fix this vulnerability, update ruby3.1 to version 3.1.2-6ubuntu0.23.04.1 and libruby3.1 to version 3.1.2-6ubuntu0.23.04.1 if you are using Ubuntu 23.04, or update ruby3.1 to version 3.1.2-2ubuntu0.22.10.1 and libruby3.1 to version 3.1.2-2ubuntu0.22.10.1 if you are using Ubuntu 22.10.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the Ubuntu Security Notices at the following references: [CVE-2023-28755](https://ubuntu.com/security/CVE-2023-28755), [CVE-2021-33621](https://ubuntu.com/security/CVE-2021-33621), [CVE-2023-28756](https://ubuntu.com/security/CVE-2023-28756).
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/title
- agent/description
- agent/references
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/23.04
- version/ubuntu/22.10