20 matches found
BELL-CVE-2017-14064 CVE-2017-14064 does not affect BellSoft software
Bulletin has no description...
Mageia: Security Advisory (MGASA-2017-0371)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3685-2: Ruby regression
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
macOS 10.13.x < 10.13.6 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6. It is, therefore, affected by multiple vulnerabilities. Note that successful exploitation of the most serious issues can result in arbitrary code execution. C Tenable Network Security, Inc...
[SECURITY] [DLA 1421-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u4 CVE ID : CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777...
Oracle Linux 7 : ruby (ELSA-2018-0378)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0378 advisory. - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo ...
RHEL 7 : ruby (RHSA-2018:0378)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...
ruby security update
2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...
USN-3528-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-10784 It was discovered that Ruby incorrectly handled...
GLSA-201710-18 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201710-18 Ruby: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code, cause a Denial of...
[SECURITY] [DLA 1114-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u6 CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Debian Bug : 873802 873906 875928 875931 875936 Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buff...
FreeBSD : ruby -- multiple vulnerabilities (95b01379-9d52-11e7-a25c-471bafc3262f)
Ruby blog : CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...
Slackware 14.2 / current : ruby (SSA:2017-261-03)
New ruby packages are available for Slackware 14.2 and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-03. The text itself is copyright C Slackware...
Fedora Update for ruby FEDORA-2017-e136d63c99
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ruby -- multiple vulnerabilities
Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...
Debian: Security Advisory (DSA-3966-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...
CVE-2017-14064
CVE-2017-14064 affects Ruby before the fixed versions: Ruby 2.2.7 and earlier (2.2.x), 2.3.0–2.3.4, and 2.4.0–2.4.1. Root cause is a strdup-based bug in ext/json/ext/generator/generator.c that stops at the first NUL byte, returning a string of length zero while space_len indicates otherwise, expo...
CVE-2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...