MGASA-2019-0062 Updated jruby packages fix security vulnerability
Several vulnerabilities were discovered in jruby. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code CVE-2018-1000073, CVE-2018-1000074,...
Debian DLA-1622-1 : debian-security-support security update
debian-security-support, the Debian security support coverage checker, has been updated in jessie. The jessie relevant changes are : - Mark jasperreports as end-of-life in Jessie. - Mark webkit2gtk as unsupported in all releases. Closes: 914567 - Mark jruby in jessie as end-of-life as per...
Debian DSA-4219-1 : jruby - security update
Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run maliciou...
[SECURITY] [DSA 4219-1] jruby security update
Debian Security Advisory DSA-4219-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 08, 2018 https://www.debian.org/security/faq -...
DSA-4219-1 jruby - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4219-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1352-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1352-1 : jruby security update
An unsafe object deserialization vulnerability was found in jruby, a 100% pure-Java implementation of Ruby. An attacker can use this flaw to run arbitrary code when gem owner is run on a specially crafted YAML file. For Debian 7 'Wheezy', these problems have been fixed in version 1.5.6-5+deb7u2. ...
[SECURITY] [DLA 1352-1] jruby security update
Package : jruby Version : 1.5.6-5+deb7u2 CVE ID : CVE-2018-1000074 An unsafe object deserialization vulnerability was found in jruby, a 100% pure-Java implementation of Ruby. An attacker can use this flaw to run arbitrary code when gem owner is run on a specially crafted YAML file. For Debian 7...
DLA-1352-1 jruby - security update
Bulletin has no description...
Debian DLA-1337-1 : jruby security update
Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language. CVE-2018-1000075 A negative size vulnerability in ruby gem package tar header that could cause an infinite loop. CVE-2018-1000076 Ruby...
[SECURITY] [DLA 1337-1] jruby security update
Package : jruby Version : 1.5.6-5+deb7u1 CVE ID : CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language. CVE-2018-1000075 ...
Debian: Security Advisory (DLA-1337-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-1337-1 jruby - security update
Bulletin has no description...
Cross-site Scripting in loofah
Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. Users are affected if running Loofah = 2.9.2. JRuby users are not affected...
CVE-2018-1000076
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...
activesupport Improper Input Validation vulnerability
The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...
Insecure Random Number Generation
JRuby is vulnerable to insecure random number generation. The library does not use a pseudo-random salt when generating a hash, causing the hash generated to be easier to predict...