FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygems -- multiple vulnerabilities

Affected packages
ruby22-gems < 2.6.13
ruby23-gems < 2.6.13
ruby24-gems < 2.6.13

Details

VuXML ID 3f6de636-8cdb-11e7-9c71-f0def1fd7ea2
Discovery 2017-08-29
Entry 2017-08-29

Official blog of RubyGems reports:

The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files.

References

URL https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/