45 matches found
openSUSE: Security Advisory for ruby-bundled-gems-rpmhelper, ruby2.5 (openSUSE-SU-2019:1771-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : ruby-bundled-gems-rpmhelper, ruby2.5 (SUSE-SU-2019:1804-1)
This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues : Changes in ruby2.5 : Update to 2.5.5 and 2.5.4 : https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed :...
EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617)
According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to...
Photon OS 1.0: Ruby PHSA-2019-1.0-0205
An update of the ruby package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0205. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid122903;...
Photon OS 2.0: Ruby PHSA-2019-2.0-0130
An update of the ruby package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0130. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid122896;...
Photon OS 1.0: Rubygem PHSA-2019-1.0-0205
An update of the rubygem package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0205. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora Update for ruby FEDORA-2018-190ecd2ef8
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: rh-ruby25-ruby security, bug fix, and enhancement update
An update for rh-ruby25-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
CVE-2018-16396
CVE-2018-16396 is a taint propagation issue in Ruby: certain formats used when unpacking tainted strings do not propagate taint correctly. Affected versions are Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. The root cause is that unpacked strings deri...
CVE-2018-16396
Removed by vendor...
Ubuntu: Security Advisory (USN-3808-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3808-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. CVE-2018-16395 It was discovered that Ruby incorrectl...
USN-3808-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. CVE-2018-16395 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
Debian DSA-4332-1 : ruby2.3 - security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1558-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u6 CVE ID : CVE-2018-16395 CVE-2018-16396 CVE-2018-16395 Fix for OpenSSL::X509::Name equality check. CVE-2018-16396 Tainted flags are not propagated in Arraypack and Stringunpack with some directives. For Debian 8 "Jessie", these problems have been fixed in...
Debian: Security Advisory (DLA-1558-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-16396
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...
ruby -- multiple vulnerabilities
Ruby news: CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equali...