148 matches found
[SECURITY] [DSA 2809-1] ruby1.8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2809-1 (ruby1.8 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming a...
Scientific Linux Security Update : php on SL6.x i386/x86_64 (20131121)
It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. CVE-2006-7243 A flaw was found in PHP's SSL client's hostname identity...
DSA-2809-1 ruby1.8 - several
Bulletin has no description...
Moderate: Red Hat Security Advisory: php security, bug fix, and enhancement update
Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...
RHEL 5 : php53 (RHSA-2013:1307)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid CVE-2006-7243 - PHP: sapiheaderop %0D sequence handling security bypass CVE-2011-1398...
Debian: Security Advisory (DSA-2763-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...
Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...
DSA-2738-1 ruby1.9.1 - several
Bulletin has no description...
CentOS Update for ruby CESA-2013:1090 centos5
Check for the Version of ruby OpenVAS Vulnerability Test CentOS Update for ruby CESA-2013:1090 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mandriva Linux Security Advisory : ruby (MDVSA-2013:201)
A vulnerability has been discovered and corrected in ruby : A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers...
FreeBSD : ruby -- Hostname check bypassing vulnerability in SSL client (ebd877b9-7ef4-4375-b1fd-c67780581898)
Ruby Developers report : Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
Fedora 18 : ruby-1.9.3.448-31.fc18 (2013-12123)
A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. Note...
Fedora 17 : ruby-1.9.3.448-31.fc17 (2013-12062)
A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. Note...
[slackware-security] ruby (SSA:2013-178-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ruby SSA:2013-178-01 New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
OpenSSL Man-in-the-middle flaw fixed in Ruby
The maintainers of Ruby have fixed a serious flaw in its SSL client that could have allowed an attacker to conduct man-in-the-middle attacks by spoofing an SSL server. The vulnerability lies in the OpenSSL toolkit that’s built in to Ruby and is present in several versions of the software from 1.8...
ruby -- Hostname check bypassing vulnerability in SSL client
Ruby Developers report: Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes...
CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...
DSA-2664-1 stunnel4 - buffer overflow
Bulletin has no description...