Lucene search
Gentoo FoundationMGASA-2015-0345HistorySep 08, 2015 - 8:55 p.m.
Updated ruby-RubyGems packages fix security vulnerabilities
2015-09-0820:55:59
Gentoo Foundation
advisories.mageia.org
7
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.9%
Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a “DNS hijack attack” (CVE-2015-3900).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 4 | noarch | ruby-rubygems | < 2.1.11-3.1 | ruby-RubyGems-2.1.11-3.1.mga4 |
| Mageia | 5 | noarch | ruby-rubygems | < 2.1.11-5.1 | ruby-RubyGems-2.1.11-5.1.mga5 |
Related
nessus
nessus
Fedora 23 : rubygems-2.4.8-100.fc23 (2015-12501)
2015-08-11 00:00:00
FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)
2015-05-18 00:00:00
Fedora 21 : rubygems-2.2.5-100.fc21 (2015-13157)
2015-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: rubygems-2.2.5-100.fc21
2015-08-19 08:17:15
[SECURITY] Fedora 22 Update: rubygems-2.4.8-100.fc22
2015-08-11 02:06:59
[SECURITY] Fedora 23 Update: rubygems-2.4.8-100.fc23
2015-08-10 10:06:28
hackerone
hackerone
RubyGems: Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier
2015-05-06 00:00:00
RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
2017-04-02 17:31:05
cve
cve
CVE-2015-3900
2015-06-24 14:59:00
CVE-2015-4020
2015-08-25 17:59:00
osv
osv
RubyGems vulnerable to DNS hijack attack
2022-05-14 01:08:49
RubyGems Improper Input Validation vulnerability
2022-05-17 00:16:50
openvas
openvas
Fedora Update for rubygems FEDORA-2015-13157
2015-08-20 00:00:00
Mageia: Security Advisory (MGASA-2015-0345)
2015-10-15 00:00:00
Fedora Update for rubygems FEDORA-2015-12574
2015-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2015-3900
2015-06-24 00:00:00
CVE-2015-4020
2015-08-25 00:00:00
redhat
redhat
(RHSA-2015:1657) Important: rh-ruby22-ruby security update
2015-08-24 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:07:12
github
github
RubyGems vulnerable to DNS hijack attack
2022-05-14 01:08:49
RubyGems Improper Input Validation vulnerability
2022-05-17 00:16:50
threatpost
threatpost
RubyGems Patches Serious Redirection Vulnerability
2015-06-23 09:55:51
prion
prion
Design/Logic Flaw
2015-06-24 14:59:00
Design/Logic Flaw
2015-08-25 17:59:00
debiancve
debiancve
CVE-2015-3900
2015-06-24 14:59:00
CVE-2015-4020
2015-08-25 17:59:00
freebsd
freebsd
rubygems -- request hijacking vulnerability
2015-05-14 00:00:00
rubygems
rubygems
amazon
amazon
suse
suse
Security update for ruby2.1 (important)
2017-04-28 18:11:28
Security update for ruby2.1 (important)
2017-04-20 12:08:57
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.9%
Related for MGASA-2015-0345