163 matches found
[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1652-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 12, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1651-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 12, 2008 http://www.debian.org/security/faq -...
DSA-1651-1 ruby1.8 - several vulnerabilities
Bulletin has no description...
DSA-1652-1 ruby1.9 - several vulnerabilities
Bulletin has no description...
Fedora 9 : ruby-1.8.6.287-2.fc9 (2008-8738)
Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple- vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability CPU...
Fedora 8 : ruby-1.8.6.287-2.fc8 (2008-8736)
Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple- vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability CPU...
Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86-java)
The remote host is missing updates announced in advisory GLSA 200804-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin)
The remote host is missing updates announced in advisory GLSA 200806-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : ruby -- DoS vulnerability in WEBrick (f7ba20aa-6b5a-11dd-9d79-001fc61c2a55)
The official ruby site reports : WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.splitheadervalue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2008-3655
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...
CVE-2008-3655
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...
CVE-2008-3655
CVE-2008-3655 affects Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. It does not properly restrict access to critical variables and methods at various safe levels, allowing context‑dependent attackers to bypass access restrictions via (1) untrac...
CVE-2008-3655
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...
GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200804-20 Sun JDK/JRE: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched ...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable...
Mac OS X : Java for Mac OS X 10.4 Release 6
The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's...
SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 4544)
The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the JavaTM Runtime Environment may allow an untrusted applet or application to elevate its privileges...
CVE-2007-3655
CVE-2007-3655 is a stack-based buffer overflow in javaws.exe (Sun Java Web Start) within JRE 5.0 Update 11 and earlier and 6.0 Update 1 and earlier. An attacker could remotely exploit a long codebase attribute in a JNLP file to execute arbitrary code. Red Hat advisories indicate this CVE was addr...
CVE-2006-3655
CVE-2006-3655, CVE-2006-3656, and related CVEs concern Microsoft PowerPoint 2003. The connected sources describe an attacker-assisted exploit via crafted PowerPoint files affecting PowerPoint 2003 (PowerPoint’s PowerPoint parsing/mso.dll and powerpnt.exe) that can lead to arbitrary code execution...