| Errata ID | 500 |
|---|---|
| Date | 2018-08-29 |
| Source package | ruby2.1 |
| Fixed in version | 2.1.5-2+deb8u5 |
| Description | This update addresses the following issues:<br>• TclTkIp ip_cancel_eval type confusion vulnerability (CVE-2016-2337)<br>• Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)<br>• Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074) |
| Additional notes | |
| CVE ID | CVE-2016-2337, CVE-2018-1000073, CVE-2018-1000074 |
| UCS Bug number | #47684 |
