USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3-tcltk": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3-dev-dbgsym": "2.3.1-2~ubuntu16.04.16+esm6", "libruby2.3-dbg": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3-dev": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.16+esm6", "libruby2.3": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3-tcltk-dbgsym": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3": "2.3.1-2~ubuntu16.04.16+esm6", "ruby2.3-doc": "2.3.1-2~ubuntu16.04.16+esm6" } ] }
{ "availability": "No subscription required", "binaries": [ { "ruby2.5": "2.5.1-1ubuntu1.15", "ruby2.5-dbgsym": "2.5.1-1ubuntu1.15", "libruby2.5": "2.5.1-1ubuntu1.15", "libruby2.5-dbgsym": "2.5.1-1ubuntu1.15", "ruby2.5-dev": "2.5.1-1ubuntu1.15", "ruby2.5-doc": "2.5.1-1ubuntu1.15" } ] }
{ "availability": "No subscription required", "binaries": [ { "ruby2.7-doc": "2.7.0-5ubuntu1.10", "ruby2.7-dbgsym": "2.7.0-5ubuntu1.10", "ruby2.7": "2.7.0-5ubuntu1.10", "libruby2.7": "2.7.0-5ubuntu1.10", "libruby2.7-dbgsym": "2.7.0-5ubuntu1.10", "ruby2.7-dev": "2.7.0-5ubuntu1.10" } ] }