Home / mailingsPDF  

[USN-8556-1] Ruby vulnerabilities

Posted on 16 July 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8556-1
July 16, 2026

ruby2.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby2.3: Object-oriented scripting language

Details:

It was discovered that the Net::IMAP client in Ruby did not properly
sanitize Symbol arguments passed to IMAP commands. A remote attacker
controlling a malicious IMAP server, or able to influence command
arguments, could use this to inject arbitrary IMAP commands via CRLF
sequences. (CVE-2026-42258)

It was discovered that the Zlib::GzipReader in Ruby did not correctly
ensure sufficient buffer capacity in the zstream_buffer_ungets function.
An attacker could use this to craft a gzip stream that, when processed,
could cause a buffer overflow, resulting in memory corruption and possibly
arbitrary code execution. (CVE-2026-27820)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
libruby2.3 2.3.1-2~ubuntu16.04.16+esm15
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8556-1
CVE-2026-27820, CVE-2026-42258

--===============1291701886853798940==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP