35 matches found
Amazon Linux: Security Advisory (ALAS-2012-139)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : ruby / ruby19 (openSUSE-SU-2012:1443-1)
This update of ruby fixed multiple SAFE level bypass flaws. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-763. The text description of this plugin is C SUSE LLC...
openSUSE Security Update : ruby19 (openSUSE-SU-2013:0376-1)
ruby19 was updated to fix various bugs and security issues: Update to 1.9.3 p385 bnc802406 - XSS exploit of RDoc documentation generated by rdoc CVE-2013-0256 - for other changes see /usr/share/doc/packages/ruby19/Changelog Update to 1.9.3 p327 bnc789983 - CVE-2012-5371 and plenty of other fixes...
Amazon Linux AMI : ruby (ALAS-2012-139)
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...
Fedora Update for ruby FEDORA-2013-8411
Check for the Version of ruby OpenVAS Vulnerability Test Fedora Update for ruby FEDORA-2013-8411 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Ruby 安全级别限制绕过漏洞(CVE-2012-4466)
CVE ID:CVE-2012-4466 Ruby是一种为简单快捷的面向对象编程而创的脚本语言 Ruby 1.8.7 patchlevel 371之前版本,1.9.3patchlevel 286之前版本及Ruby 2.0 revision r37068之前版本存在安全漏洞,允许攻击者利用漏洞绕过安全级别限制,修改未污染字符串,如通过nameerrmesgtostr函数把字符串标记为污染。此漏洞不同于CVE-2011-1005 0 Ruby 1.8.7 Ruby 1.9.3 Ruby 2.0 厂商解决方案 用户可联系厂商获得相应的升级程序或补丁: http://www.ruby-lang....
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
Design/Logic Flaw
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
CVE-2012-4466
CVE-2012-4466 affects Ruby 1.8.7 before patchlevel 371, Ruby 1.9.3 before patchlevel 286, and Ruby 2.0 before revision r37068. The issue allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via name_err_mesg_to_str, tainting handling for strings. This ...
Mandriva Linux Security Advisory : ruby (MDVSA-2013:124)
Updated ruby packages fix security vulnerabilities : Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions CVE-2012-4466, CVE-2012-4481. It was...
SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)
The ruby interpreter received a fix for two security issues : - Ruby's $SAFE mechanism enables untrusted user codes to run in $SAFE = 4 mode. This is a kind of sandboxing so some operations are restricted in that mode to protect other data outside the sandbox. CVE-2012-4466 The problem found was...
SuSE 11.2 Security Update : ruby (SAT Patch Number 7386)
The ruby interpreter received a fix for a security issue : - Ruby's $SAFE mechanism enables untrusted user codes to run in $SAFE = 4 mode. This is a kind of sandboxing so some operations are restricted in that mode to protect other data outside the sandbox. CVE-2012-4466 The problem found was...
Fedora Update for ruby FEDORA-2013-3038
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected", value:"rub...
Fedora Update for ruby FEDORA-2012-18017
Check for the Version of ruby OpenVAS Vulnerability Test Fedora Update for ruby FEDORA-2012-18017 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Ubuntu Update for ruby1.8 USN-1603-2
Ubuntu Update for Linux kernel vulnerabilities USN-1603-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN16032.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ruby1.8 USN-1603-2 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
USN-1603-2: Ruby vulnerabilities
USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Original advisory details: Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to...
USN-1614-1: Ruby vulnerabilities
Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the...
Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1614-1)
Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the...
Ubuntu 12.10 : ruby1.8 vulnerabilities (USN-1603-2)
USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access...
Fedora Update for ruby FEDORA-2012-16086
Check for the Version of ruby OpenVAS Vulnerability Test Fedora Update for ruby FEDORA-2012-16086 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...