Oval Definition:	oval:com.ubuntu.xenial:def:20170903000
Revision Date: 2017-10-11 Version: 1 Title: CVE-2017-0903 on Ubuntu 16.04 LTS (xenial) - medium. Description: RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-0903 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND Package Information The vulnerability of the 'jruby' package in xenial is not known (status: 'needs-triage'). It is pending evaluation. OR The 'ruby2.3' package in xenial was vulnerable but has been fixed (note: '2.3.1-2~16.04.6').
BACK