2170 matches found

OSV
added 2024/06/15 12:0 a.m., 15 views

OPENSUSE-SU-2024:10057-1 ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media

These are all security issues fixed in the ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.2 AI score, 0.86668 EPSS
Exploits 7, References 1

OSV
added 2024/06/15 12:0 a.m., 16 views

OPENSUSE-SU-2024:13162-1 ruby3.2-rubygem-loofah-2.19.1-1.2 on GA media

These are all security issues fixed in the ruby3.2-rubygem-loofah-2.19.1-1.2 package on the GA media of openSUSE Tumbleweed...

6.1 CVSS, 6.1 AI score, 0.02332 EPSS
Exploits 0, References 3

OSV
added 2024/06/15 12:0 a.m., 13 views

OPENSUSE-SU-2024:13163-1 ruby3.2-rubygem-minitar-0.9-1.13 on GA media

These are all security issues fixed in the ruby3.2-rubygem-minitar-0.9-1.13 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.5 AI score, 0.02922 EPSS
Exploits 1, References 1

OSV
added 2024/06/15 12:0 a.m., 11 views

OPENSUSE-SU-2024:12247-1 ruby3.1-rubygem-http-5.1.0-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-http-5.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.6 AI score, 0.02516 EPSS
Exploits 0, References 1

OSV
added 2024/06/15 12:0 a.m., 9 views

OPENSUSE-SU-2024:13440-1 ruby3.2-rubygem-nokogiri-1.15.4-1.1 on GA media

These are all security issues fixed in the ruby3.2-rubygem-nokogiri-1.15.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.4 AI score, 0.10953 EPSS
Exploits 2, References 3

OSV
added 2024/06/15 12:0 a.m., 3 views

OPENSUSE-SU-2024:11336-1 ruby2.7-rubygem-kramdown-2.3.1-1.3 on GA media

These are all security issues fixed in the ruby2.7-rubygem-kramdown-2.3.1-1.3 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 9.6 AI score, 0.07509 EPSS
Exploits 1, References 2

Rockylinux
added 2024/06/14 1:59 p.m., 33 views

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8 CVSS, 6 AI score, 0.0883 EPSS
Exploits 0

Tenable Nessus
added 2024/06/14 12:0 a.m., 28 views

Rocky Linux 8 : pcs (RLSA-2024:2953)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2953 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header in...

7.5 CVSS, 6.6 AI score, 0.00775 EPSS
Exploits 2, References 7

CBLMariner
added 2024/06/12 10:23 p.m., 24 views

CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.7-1

CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.7-1. An upgraded version of the package is available that resolves this issue...

5.3 CVSS, 5.8 AI score, 0.08428 EPSS
Exploits 1

Tenable Nessus
added 2024/06/11 12:0 a.m., 20 views

Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281...

9.8 CVSS, 7.3 AI score, 0.0883 EPSS
Exploits 0, References 4

Oracle linux
added 2024/06/07 12:0 a.m., 42 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex searc...

9.8 CVSS, 7.5 AI score, 0.0883 EPSS
Exploits 0

Tenable Nessus
added 2024/06/07 12:0 a.m., 18 views

Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...

9.8 CVSS, 7.6 AI score, 0.0883 EPSS
Exploits 0, References 4

Oracle linux
added 2024/06/06 12:0 a.m., 31 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37699 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex searc...

9.8 CVSS, 6.5 AI score, 0.0883 EPSS
Exploits 0

Tenable Nessus
added 2024/06/03 12:0 a.m., 18 views

RHEL 7 : rubygem-hammer_cli (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-hammer_cli: no verification of API server's SSL certificate CVE-2017-2667 Note that Nessus has not tested fo...

8.1 CVSS, 8.2 AI score, 0.00111 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 8 : 2.5_rubygem-bundler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 No...

7.8 CVSS, 8 AI score, 0.00151 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 9 views

RHEL 6 : rubygem-kafo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-kafo: temporary file creation vulnerability when creating /tmp/defaultvalues.yaml CVE-2014-0135 Note that...

1.9 CVSS, 7 AI score, 0.00099 EPSS
Exploits 0, References 1

Oracle linux
added 2024/06/03 12:0 a.m., 366 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751...

9.8 CVSS, 6.5 AI score, 0.0883 EPSS
Exploits 0

Tenable Nessus
added 2024/06/03 12:0 a.m., 13 views

RHEL 6 : rubygem-bundler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Code execution via gem name collision in bundler CVE-2016-7954 Note that Nessus has not tested for...

9.8 CVSS, 9.7 AI score, 0.02779 EPSS
Exploits 1, References 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 18 views

RHEL 7 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygem-json: Unsafe object creation vulnerability in JSON CVE-2020-10663 - ClusterLabs pcs before versio...

7.5 CVSS, 7.8 AI score, 0.05892 EPSS
Exploits 1, References 4

Tenable Nessus
added 2024/06/03 12:0 a.m., 18 views

RHEL 7 : tfm-rubygem-rubyzip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubyzip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file...

9.8 CVSS, 9.8 AI score, 0.0066 EPSS
Exploits 1, References 1