CVE-2017-14033 in Ubuntu

CVE-2017-14033

Priority

Description

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x
before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of
service (interpreter crash) via a crafted string.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033
https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
https://ubuntu.com/security/notices/USN-3439-1
https://ubuntu.com/security/notices/USN-3528-1

Bugs

https://bugzilla.novell.com/show_bug.cgi?id=1058757

Notes

Package

Source: ruby1.9.1 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM:	DNE (trusty was released [1.9.3.484-2ubuntu1.5])

Patches:

Package

Source: ruby2.1 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: ruby2.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 16.04 ESM:	released (2.3.1-2~16.04.5)
Ubuntu 14.04 ESM:	DNE

Patches:

Other:

https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b

More Information

Updated: 2022-04-13 12:55:03 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)