Debian Security Advisory

DLA-1114-1 ruby1.9.1 -- LTS security update

Date Reported:
26 Sep 2017
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 873802, Bug 873906, Bug 875928, Bug 875931, Bug 875936.
In Mitre's CVE dictionary: CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064.
More information:

Multiple vulnerabilities were discovered in the Ruby 1.9 interpreter.

  • CVE-2017-0898

    Buffer underrun vulnerability in Kernel.sprintf

  • CVE-2017-0899

    ANSI escape sequence vulnerability

  • CVE-2017-0900

    DoS vulnerability in the query command

  • CVE-2017-0901

    gem installer allows a malicious gem to overwrite arbitrary files

  • CVE-2017-10784

    Escape sequence injection vulnerability in the Basic authentication of WEBrick

  • CVE-2017-14033

    Buffer underrun vulnerability in OpenSSL ASN1 decode

  • CVE-2017-14064

    Heap exposure vulnerability in generating JSON

For Debian 7 Wheezy, these problems have been fixed in version

We recommend that you upgrade your ruby1.9.1 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: