Home / mailings [USN-8556-1] Ruby vulnerabilities
Posted on 16 July 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8556-1
July 16, 2026
ruby2.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ruby.
Software Description:
- ruby2.3: Object-oriented scripting language
Details:
It was discovered that the Net::IMAP client in Ruby did not properly
sanitize Symbol arguments passed to IMAP commands. A remote attacker
controlling a malicious IMAP server, or able to influence command
arguments, could use this to inject arbitrary IMAP commands via CRLF
sequences. (CVE-2026-42258)
It was discovered that the Zlib::GzipReader in Ruby did not correctly
ensure sufficient buffer capacity in the zstream_buffer_ungets function.
An attacker could use this to craft a gzip stream that, when processed,
could cause a buffer overflow, resulting in memory corruption and possibly
arbitrary code execution. (CVE-2026-27820)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libruby2.3 2.3.1-2~ubuntu16.04.16+esm15
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8556-1
CVE-2026-27820, CVE-2026-42258
--===============1291701886853798940==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
