USN-6219-1: Ruby vulnerabilities

Reference Links

• https://ubuntu.com/security/CVE-2023-36617
• https://ubuntu.com/security/CVE-2023-28755
• https://ubuntu.com/security/notices/USN-6055-1
• https://ubuntu.com/security/notices/USN-6055-2
• https://ubuntu.com/security/notices/USN-6087-1
• https://ubuntu.com/security/notices/USN-6181-1
• https://launchpad.net/ubuntu/+source/ruby3.1/3.1.2-6ubuntu0.23.04.2
• https://launchpad.net/ubuntu/+source/ruby3.0/3.0.4-7ubuntu0.2
• https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.4
• https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.12
• https://ubuntu.com/security/notices/USN-6219-1 (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

• CVE-2023-36617
• CVE-2023-28755

Frequently Asked Questions

• What is the severity of CVE-2023-28755?

  The severity of CVE-2023-28755 is medium.

• How do I fix the Ruby vulnerabilities in Ubuntu?

  To fix the Ruby vulnerabilities in Ubuntu, update to the specified versions: 3.1.2-6ubuntu0.23.04.2 for ruby3.1, 3.1.2-6ubuntu0.23.04.2 for libruby3.1, 3.0.4-7ubuntu0.2 for ruby3.0, 3.0.4-7ubuntu0.2 for libruby3.0, 3.0.2-7ubuntu2.4 for ruby3.0, 3.0.2-7ubuntu2.4 for libruby3.0, 2.7.0-5ubuntu1.12 for ruby2.7, 2.7.0-5ubuntu1.12 for libruby2.7, 2.5.1-1ubuntu1.16+esm1 for ruby2.5, 2.5.1-1ubuntu1.16+esm1 for libruby2.5, 2.3.1-2~ubuntu16.04.16+esm8 for libruby2.3, and 2.3.1-2~ubuntu16.04.16+esm8 for ruby2.3.

• What versions of Ubuntu are affected by the Ruby vulnerabilities?

  The Ruby vulnerabilities affect Ubuntu versions 23.04, 22.10, 22.04, 20.04, 18.04, and 16.04.

• What is the remedy for CVE-2023-28755?

  The remedy for CVE-2023-28755 is to update to version 3.1.2-6ubuntu0.23.04.2 or later.

• Where can I find more information about the Ruby vulnerabilities in Ubuntu?

  You can find more information about the Ruby vulnerabilities in Ubuntu on the Ubuntu Security Notices page.