{"id":"MGASA-2017-0482","summary":"Updated ruby-RubyGems packages fix security vulnerabilities","details":"An ANSI escape sequence vulnerability (CVE-2017-0899).\n\nA DoS vulnerability in the query command (CVE-2017-0900).\n\nA vulnerability in the gem installer that allowed a malicious gem to\noverwrite arbitrary files (CVE-2017-0901).\n\nA DNS request hijacking vulnerability (CVE-2017-0902).\n\nAn unsafe object deserialization vulnerability that allows an attacker\nto inject an instance of an object of their choosing in the target\nsystem. A clever attacker can inject an object that is able to interact\nwith the system in such a way that will allow the attacker to execute\narbitrary code (CVE-2017-0903).\n","modified":"2026-04-16T01:45:20.979233045Z","published":"2017-12-31T15:14:43Z","upstream":["CVE-2017-0899","CVE-2017-0900","CVE-2017-0901","CVE-2017-0902","CVE-2017-0903"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0482.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21639"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/"},{"type":"WEB","url":"http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html"}],"affected":[{"package":{"name":"ruby-RubyGems","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/ruby-RubyGems?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.11-5.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0482.json"}},{"package":{"name":"ruby-RubyGems","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ruby-RubyGems?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.8-7.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0482.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}