24 matches found
Debian: Security Advisory (DLA-235-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0178)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-1855
CVE-2015-1855 affects Ruby’s OpenSSL hostname matching: the OpenSSL extension fails to validate hostnames, allowing server spoofing. Affected: Ruby/OpenSSL before 2.0.0 patchlevel 645; 2.1.x before 2.1.6; 2.2.x before 2.2.2. Root cause: permissive hostname matching (wildcards, IDNA, case, non‑ASC...
Ubuntu: Security Advisory (USN-3365-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for ruby2.1 (openSUSE-SU-2017:1128-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for ruby2.1 (important)
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...
SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed : - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation doe...
SUSE SLES11 Security Update : ruby (SUSE-SU-2017:0948-1)
This update for ruby fixes the following issues: Secuirty issues fixed : - CVE-2015-1855: Ruby OpenSSL Hostname Verification bsc926974 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 Bugfixes : - fix small mistake in the backport for bsc986630 Note that Tenable Network...
SUSE-SU-2015:1889-1 Security update for ruby19
ruby19 was updated to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1855: Ruby OpenSSL hostname verification was too permissive bsc926974. CVE-2009-5147: DL::dlopen could have loaded a library with tainted library name even if $SAFE 0 bsc939860...
Amazon Linux: Security Advisory (ALAS-2015-533)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2015-531)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 235-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u4 CVE ID : CVE-2011-0188 CVE-2011-2705 CVE-2012-4522 CVE-2013-0256 CVE-2013-2065 CVE-2015-1855 CVE-2011-0188 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and oth...
DLA-235-1 ruby1.9.1 - security update
Bulletin has no description...
Medium: ruby18
Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...
Medium: ruby20
Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...
[SECURITY] [DLA 224-1] ruby1.8 security update
Package : ruby1.8 Version : 1.8.7.302-2squeeze4 CVE ID : CVE-2015-1855 It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a...
Mandriva Linux Security Advisory : ruby (MDVSA-2015:224)
Updated ruby packages fix security vulnerability : Ruby OpenSSL hostname matching implementation violates RFC 6125 CVE-2015-1855. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
[ MDVSA-2015:224 ] ruby
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:224 http://www.mandriva.com/en/support/security/ Package : ruby Date : May 4, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Updated ruby packages fix security vulnerability: Ru...
Updated ruby packages fix CVE-2015-1855
Updated ruby packages fix security vulnerability: Ruby OpenSSL hostname matching implementation violates RFC 6125 CVE-2015-1855. The ruby package has been updated to version 2.0.0-p645, which fixes this issue...
[SECURITY] [DSA 3247-1] ruby2.1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3247-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 02, 2015 http://www.debian.org/security/faq -...