RHSA-2013:1090 Red Hat Security Advisory: ruby security update
Bulletin has no description...
OPENSUSE-SU-2024:11658-1 libruby3_0-3_0-3.0.3-1.1 on GA media
These are all security issues fixed in the libruby3_0-3_0-3.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11331-1 ruby2.7-rubygem-activesupport-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-activesupport-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11316-1 ruby2.7-rubygem-actionmailer-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-actionmailer-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11329-1 ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11321-1 ruby2.7-rubygem-actionview-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-actionview-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11348-1 ruby2.7-rubygem-rails-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-rails-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11317-1 ruby2.7-rubygem-actionpack-5.2-5.2.6-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-actionpack-5.2-5.2.6-1.2 package on the GA media of openSUSE Tumbleweed...
Important: ruby
Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...
OESA-2023-1226 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Tim...
ruby:2.5 security update
ruby 2.5.9-110.0.1 - Fix for CVE-2022-28739 Orabug: 34824177...
ruby:2.7 security, bug fix, and enhancement update
ruby 2.7.6-138 - Upgrade to Ruby 2.7.6. Resolves: rhbz#2109424 - Fix FTBFS due to an incompatible load directive. Related: rhbz#2109424 - Fix a fiddle import test on an optimized glibc on Power 9. Related: rhbz#2109424 - Fix Regular Expression Denial of Service Vulnerability of Date Parsing Methods...
SUSE-SU-2022:15034-1 Security update for ruby
This update for ruby fixes the following issues: - CVE-2018-16395: Fixed an issue where two x509 certificates could be considered to be equal when this was not the case (bsc#1112530). - CVE-2021-32066: Fixed an issue where the IMAP client API would not report a failure when StartTLS failed, leading ...
ruby:2.5 security update
ruby 2.5.9-110 - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. - Fix by adding length limit option for methods that parse date strings. Resolves: CVE-2021-41817 - CGI::Cookie.parse no longer decodes cookie names to prevent spoofing...
CVE-2022-32511
jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...
ruby:2.5 security update
ruby 2.5.9-109 - Properly fix command injection vulnerability in RDoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause...
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...
DSA-4918-1 ruby-rack-cors - security update
Bulletin has no description...
SUSE-SU-2021:1280-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)...
CVE-2020-10933
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...