Ubuntu Security Update USN-8556-1: Ruby vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,935
Reaction score
94
Credits
-1,257
It was discovered that the Net::IMAP client in Ruby did not properly sanitize Symbol arguments passed to IMAP commands. A remote attacker controlling a malicious IMAP server, or able to influence command arguments, could use this to inject arbitrary IMAP commands via CRLF sequences. (CVE-2026-42258) It was discovered that the Zlib::GzipReader in Ruby did not correctly ensure sufficient buffer capacity in the zstream_buffer_ungets function. An attacker could use this to craft a gzip stream that, when processed, could cause a buffer overflow, resulting in memory corruption and possibly arbitrary code execution. (CVE-2026-27820)

Continue reading...
 


Follow Linux.org

Members online


Latest posts

Top