2170 matches found
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
rubygem-rack: crafted requests can cause shell escape sequences
A flaw was found in rubygem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...
AZL-11396 CVE-2022-39379 affecting package rubygem-fluentd for versions less than 1.14.6-2
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
SUSE SLES12 Security Update : rubygem-puppet (SUSE-SU-2022:3794-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3794-1 advisory. - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a...
rubygem-tzinfo: arbitrary code execution
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
SUSE-SU-2022:3621-1 Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060)...
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2022:3571-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3571-1 advisory. - Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not...
SUSE-SU-2022:3571-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818)...
Fedora: Security Advisory for rubygem-pdfkit (FEDORA-2022-6da143f1a2)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SQLite3 addresses vulnerability in packaged version of libsqlite
Summary The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the...
GHSA-MGVV-5MXP-XQ67 SQLite3 addresses vulnerability in packaged version of libsqlite
Summary The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the...
SUSE SLES15 Security Update : rubygem-rack (SUSE-SU-2022:3347-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3347-1 advisory. - A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker to perform a directory traversal in the...
SUSE-SU-2022:3347-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed directory traversal in Rack::Directory (bsc#1172037)...
SUSE-SU-2022:3339-1 Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues: Security fixes included in this update:...
SUSE-SU-2022:3338-1 Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues: Security updates included in this update: ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates,...
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2. A patched version of the package is available...
SUSE SLES15 Security Update : rubygem-kramdown (SUSE-SU-2022:3259-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read...
openSUSE: Security Advisory for rubygem-kramdown (SUSE-SU-2022:3259-1)
The remote host is missing an update for the...
Fedora: Security Advisory for rubygem-puma (FEDORA-2022-7c8b29195f)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3212-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...