Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2666)
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | USN-6055-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities | 4 May 2023 08:10 | – | osv |
![]() | USN-6055-2 ruby2.3, ruby2.5, ruby2.7 regression | 5 May 2023 12:46 | – | osv |
![]() | USN-6087-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities | 18 May 2023 09:35 | – | osv |
![]() | DLA-3447-1 ruby2.5 - security update | 6 Jun 2023 00:00 | – | osv |
![]() | RHSA-2023:3821 Red Hat Security Advisory: ruby:2.7 security, bug fix, and enhancement update | 13 Sep 2024 20:36 | – | osv |
![]() | ALSA-2023:3821 Moderate: ruby:2.7 security, bug fix, and enhancement update | 27 Jun 2023 00:00 | – | osv |
![]() | RLSA-2023:3821 Moderate: ruby:2.7 security, bug fix, and enhancement update | 31 Aug 2023 16:54 | – | osv |
![]() | RHSA-2023:3291 Red Hat Security Advisory: rh-ruby27-ruby security, bug fix, and enhancement update | 13 Sep 2024 20:36 | – | osv |
![]() | RLSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update | 27 Mar 2024 04:34 | – | osv |
![]() | RHSA-2023:7025 Red Hat Security Advisory: ruby:2.5 security update | 4 Oct 2024 06:58 | – | osv |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Metadata section. When the scanner sets `description`, the script only
# registers its identity, severity, prerequisites and report texts, then
# leaves via exit(0) before any check logic below is reached.
if(description)
{
# Unique OID of this check and the CVE identifiers it reports on.
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.2666");
script_cve_id("CVE-2023-28755", "CVE-2023-28756");
# Creation and revision timestamps of the check itself (not of the advisory).
script_tag(name:"creation_date", value:"2023-09-05 15:52:35 +0000 (Tue, 05 Sep 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
# Severity: a CVSSv2 base score/vector plus a CVSS 3.1 vector. Both vectors
# rate availability only (A:P / A:L, with C:N and I:N), which matches the
# ReDoS descriptions in the "insight" text. severity_origin names NVD as the
# source of the rating.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-05-30 17:17:15 +0000 (Tue, 30 May 2023)");
script_name("Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2666)");
# ACT_GATHER_INFO: registered as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
# Prerequisites: the listed dependency script, and knowledge-base keys for an
# EulerOS SSH login, an RPM package list, and a release string matching
# EULEROS-2.0SP11. Presumably the dependency script is what populates these
# keys from an authenticated SSH session - confirm against
# gb_huawei_euleros_consolidation.nasl.
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP11");
# Cross-references to the vendor advisory.
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-2666");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-2666");
# Report texts shown to the user.
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'ruby' package(s) announced via the EulerOS-SA-2023-2666 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# NOTE(review): the "insight" text quotes upstream fixed versions of the Time
# and URI components, while the check further down compares the distribution's
# RPM build string for 'ruby'. The two version schemes are not comparable;
# triage should go by the RPM build named in the check, not the upstream
# component versions quoted here.
script_tag(name:"insight", value:"A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756)
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.(CVE-2023-28755)");
script_tag(name:"affected", value:"'ruby' package(s) on Huawei EulerOS V2.0SP11.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
# qod_type "package": the result rests on installed package versions, as the
# "vuldetect" text states. Such a check does not show whether already-running
# Ruby processes were restarted after an update.
script_tag(name:"qod_type", value:"package");
# End of the description pass; nothing below runs in this mode.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Check phase: compare the installed 'ruby' RPMs against the fixed build
# named for EulerOS-SA-2023-2666 and report every package that is older.

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# This advisory only covers EulerOS 2.0 SP11; any other release ends here.
if(release != "EULEROS-2.0SP11")
  exit(0);

# isrpmvuln() comes from pkg-lib-rpm.inc. A non-null return value is treated
# as report text for that package and is appended to the overall report.
# NOTE(review): presumably it returns text only when the installed build is
# older than the one passed in `rpm` - confirm against pkg-lib-rpm.inc.
res = isrpmvuln(pkg:"ruby", rpm:"ruby~3.0.3~122.h8.eulerosv2r11", rls:"EULEROS-2.0SP11");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"ruby-help", rpm:"ruby-help~3.0.3~122.h8.eulerosv2r11", rls:"EULEROS-2.0SP11");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"ruby-irb", rpm:"ruby-irb~3.0.3~122.h8.eulerosv2r11", rls:"EULEROS-2.0SP11");
if(!isnull(res))
  report += res;

# At least one package produced report text: raise the finding.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# Nothing to report. __pkg_match is not assigned in this file; presumably the
# RPM library sets it when one of the named packages was found installed, so
# exit(99) would mark the host as checked and not affected rather than
# "package absent" - confirm against pkg-lib-rpm.inc.
if(__pkg_match)
  exit(99);

exit(0);