The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Ruby: denial of service via WEBrick Service Regular Expression

Synthesis of the vulnerability 

An attacker can trigger a fatal error via WEBrick Service Regular Expression of Ruby, in order to trigger a denial of service.
Vulnerable systems: Debian, Solaris, SLES, Ubuntu.
Severity of this threat: 2/4.
Creation date: 26/11/2019.
References of this weakness: CVE-2019-16201, DLA-2007-1, DLA-2027-1, DSA-4586-1, DSA-4587-1, SUSE-SU-2020:0737-1, USN-4201-1, VIGILANCE-VUL-30968.

Description of the vulnerability 

An attacker can trigger a fatal error via WEBrick Service Regular Expression of Ruby, in order to trigger a denial of service.

This security bulletin impacts software or systems such as Debian, Solaris, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity announcement is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Debian 10: new ruby2.5 packages.
New packages are available:
  Debian 10: ruby2.5 2.5.5-3+deb10u1

Debian 8: new jruby packages.
New packages are available:
  Debian 8: jruby 1.5.6-9+deb8u2

Debian 8: new ruby2.1 packages.
New packages are available:
  Debian 8: ruby2.1 2.1.5-2+deb8u8

Debian 9: new ruby2.3 packages.
New packages are available:
  Debian 9: ruby2.3 2.3.3-1+deb9u7

Oracle Solaris: patch for third party software of January 2020 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 15: new ruby2.5 packages.
New packages are available:
  SUSE LE 15 RTM: ruby2.5 2.5.7-4.8.1
  SUSE LE 15 SP1: ruby2.5 2.5.7-4.8.1

Ubuntu: new ruby packages.
New packages are available:
  Ubuntu 19.10: libruby2.5 2.5.5-4ubuntu2.1, ruby2.5 2.5.5-4ubuntu2.1
  Ubuntu 19.04: libruby2.5 2.5.5-1ubuntu1.1, ruby2.5 2.5.5-1ubuntu1.1
  Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.6, ruby2.5 2.5.1-1ubuntu1.6
  Ubuntu 16.04 LTS: libruby2.3 2.3.1-2~ubuntu16.04.14, ruby2.3 2.3.1-2~ubuntu16.04.14

Wind River Linux: version 10.18.44.14.
The version 10.18.44.14 is fixed:
  https://support2.windriver.com/
