PublicDateAtUSN: 2018-04-03
Candidate: CVE-2018-8779
PublicDate: 2018-04-03 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779
 https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
 https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
 https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9
 https://ubuntu.com/security/notices/USN-3626-1
Description:
 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before
 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods
 are not checked for null characters. It may be connected to an unintended
 socket.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_ruby1.9.1:
upstream_ruby1.9.1: needs-triage
precise/esm_ruby1.9.1: DNE
trusty_ruby1.9.1: released (1.9.3.484-2ubuntu1.11)
trusty/esm_ruby1.9.1: DNE (trusty was released [1.9.3.484-2ubuntu1.11])
xenial_ruby1.9.1: DNE
artful_ruby1.9.1: DNE
bionic_ruby1.9.1: DNE
devel_ruby1.9.1: DNE

Patches_ruby2.0:
upstream_ruby2.0: needs-triage
precise/esm_ruby2.0: DNE
trusty_ruby2.0: released (2.0.0.484-1ubuntu2.9)
trusty/esm_ruby2.0: DNE (trusty was released [2.0.0.484-1ubuntu2.9])
xenial_ruby2.0: DNE
artful_ruby2.0: DNE
bionic_ruby2.0: DNE
devel_ruby2.0: DNE

Patches_ruby2.3:
upstream_ruby2.3: needs-triage
precise/esm_ruby2.3: DNE
trusty_ruby2.3: DNE
trusty/esm_ruby2.3: DNE
xenial_ruby2.3: released (2.3.1-2~16.04.9)
esm-infra/xenial_ruby2.3: released (2.3.1-2~16.04.9)
artful_ruby2.3: released (2.3.3-1ubuntu1.5)
bionic_ruby2.3: DNE
devel_ruby2.3: DNE

Patches_ruby2.5:
upstream_ruby2.5: needs-triage
precise/esm_ruby2.5: DNE
trusty_ruby2.5: DNE
trusty/esm_ruby2.5: DNE
xenial_ruby2.5: DNE
artful_ruby2.5: DNE
bionic_ruby2.5: released (2.5.1-1)
devel_ruby2.5: released (2.5.1-1)