14 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-7551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before...
Ubuntu: Security Advisory (USN-3365-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for ruby2.1 (openSUSE-SU-2017:1128-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for ruby2.1 (important)
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...
SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed : - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation doe...
SUSE SLES11 Security Update : ruby (SUSE-SU-2017:0948-1)
This update for ruby fixes the following issues: Secuirty issues fixed : - CVE-2015-1855: Ruby OpenSSL Hostname Verification bsc926974 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 Bugfixes : - fix small mistake in the backport for bsc986630 Note that Tenable Network...
openSUSE Security Update : ruby2.2 / ruby2.3 (openSUSE-2017-435)
This update for ruby2.2, ruby2.3 fixes the following issues : Security issues fixed : - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' boo1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL boo959495 Detailed ChangeLog : -...
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...
CVE-2015-7551
CVE-2015-7551 affects Ruby versions before the patch, where Fiddle::Handle in ext/fiddle/handle.c mishandles tainting, allowing context-dependent attackers to cause arbitrary code execution or a crash via a tainted string. The vulnerability stems from taint handling in the DL/libffi-related path ...
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...
Fedora 23 : ruby-2.2.4-47.fc23 (2015-eef21b972e)
Update to Ruby 2.2.4 including security fix for CVE-2009-5147 and CVE-2015-7551. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 22 : ruby-2.2.4-47.fc22 (2015-c4409eb73a)
Update to Ruby 2.2.4 including security fix for CVE-2009-5147 and CVE-2015-7551. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)
DL::dlopen could open a library with tainted library name even if $SAFE 0. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-632. include"compat.inc"; if description scriptid87966;...