USN-6055-2: Ruby regression
USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression.
This update reverts the patches applied to CVE-2023-28755 in order to fix the regression
pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-28755)
Source: USN-6055-2: Ruby regression
Leave a Reply