Debian: Security Advisory (DLA-3989-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AlmaLinux 9 : ruby:3.1 (ALSA-2024:10860)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:10860 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...

DLA-3989-1 ruby-doorkeeper - security update

Bulletin has no description...

RHSA-2024:10860 Red Hat Security Advisory: ruby:3.1 security update

Bulletin has no description...

RHSA-2024:10858 Red Hat Security Advisory: ruby security update

Bulletin has no description...

RHSA-2024:10850 Red Hat Security Advisory: ruby:2.5 security update

Bulletin has no description...

RHSA-2024:10834 Red Hat Security Advisory: ruby:3.1 security update

Bulletin has no description...

ruby:3.1 security update

ruby 3.1.5-145 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary...

Oracle Linux 8 : ruby:3.1 (ELSA-2024-10834)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10834 advisory. ruby 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 rubygem-abrt rubygem-mysql2 rubygem-pg Tenable has extracted the preceding...

RHEL 9 : ruby (RHSA-2024:10858)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10858 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

RHEL 8 : ruby:2.5 (RHSA-2024:10850)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10850 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

The vulnerability of the Ruby Syntax Detector component of the JetBrains YouTrack project management and task management software allows a hacker to trigger a service failure.

The vulnerability of the Ruby Syntax Detector component of the JetBrains YouTrack project management and task management software is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions...

RHEL 9 : ruby:3.1 (RHSA-2024:10860)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10860 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

Oracle Linux 9 : ruby:3.1 (ELSA-2024-10860)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10860 advisory. - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 Tenable has extracted the preceding description block directly from the Oracle Linux...

ruby:3.1 security update

ruby 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 rubygem-abrt rubygem-mysql2 rubygem-pg...

CLSA-2024-1733429722 Fix CVE(s): CVE-2024-48992

SECURITY UPDATE: Arbitrary code execution via manipulated RUBYLIB environment variable - debian/patches/CVE-2024-48992.patch: Prevent script from setting RUBYLIB environment variable to avoid LPE - CVE-2024-48992...

USN-7117-3 needrestart regression

USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem for LXC containers. We apologize for the inconvenience. Original advisory details: Qualys discovered that needrestart passed unsanitized data to a library...

Important: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...