MGASA-2017-0290

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2015-9096 CVE-2016-2337 CVE-2016-2339

Published: 20 Aug 2017, 09:10

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Aug 2017, 09:10

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated ruby packages fix security vulnerabilities It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096) Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337) It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)

Affected Systems

mageia•ruby
< 2.0.0.p648-1.4.mga5
mageia•ruby
< 2.2.7-1.mga6

MGASA-2017-0290

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)