6609 matches found

Tenable Nessus
added 2008/10/22 12:0 a.m. | 34 views

RHEL 4 / 5 : ruby (RHSA-2008:0897)

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...

7.8 CVSS | 6.6 AI score | 0.7933 EPSS
Exploits 30 | References 16
RedHat Linux
added 2008/10/21 2:52 p.m. | 33 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...

7.8 CVSS | 6.7 AI score | 0.7933 EPSS
Exploits 30 | References 7
RedHat Linux
added 2008/10/21 2:52 p.m. | 2 views

ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)

The regular expression engine regex.c in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure...

5 CVSS | 7.2 AI score | 0.39146 EPSS
Exploits 1 | References 4
NVD
added 2008/10/14 10:36 p.m. | 20 views

CVE-2008-4557

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...

10 CVSS | 7.6 AI score | 0.10668 EPSS
Exploits 1 | References 5
Prion
added 2008/10/14 10:36 p.m. | 13 views

Code injection

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...

10 CVSS | 8.1 AI score | 0.10668 EPSS
Exploits 1 | References 5 | Affected Software 1
OpenVAS
added 2008/09/24 12:0 a.m. | 23 views

Gentoo Security Advisory GLSA 200711-28 (perl)

The remote host is missing updates announced in advisory GLSA 200711-28. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5 CVSS | 0.4 AI score | 0.08802 EPSS
Exploits 1
RedHat Linux
added 2008/09/10 5:59 p.m. | 2 views

Server: temporary DoS via crafted pattern searches

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem...

7.1 CVSS | 5.8 AI score | 0.15226 EPSS
Exploits 1 | References 4
RedHat Linux
added 2008/08/27 8:38 p.m. | 2 views

Server: temporary DoS via crafted pattern searches

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem...

7.1 CVSS | 5.8 AI score | 0.15226 EPSS
Exploits 1 | References 4
NVD
added 2008/08/13 1:41 a.m. | 21 views

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

7.8 CVSS | 6.4 AI score | 0.7933 EPSS
Exploits 3 | References 30
Cvelist
added 2008/08/13 1:0 a.m. | 26 views

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

6.4 AI score | 0.7933 EPSS
Exploits 3 | References 30
UbuntuCve
added 2008/08/12 12:0 a.m. | 33 views

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

7.8 CVSS | 7 AI score | 0.7933 EPSS
Exploits 3 | References 2
FreeBSD
added 2008/08/08 12:0 a.m. | 29 views

ruby -- DoS vulnerability in WEBrick

The official ruby site reports: WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value...

7.8 CVSS | 6.7 AI score | 0.7933 EPSS
Exploits 26 | References 1
securityvulns
added 2008/07/24 12:0 a.m. | 49 views

Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim

SUMMARY
Product : Vim -- Vi IMproved
Version : Tested with Vim 7.2b.10, filetype.vim 2008-07-17
Impact : Arbitrary code execution
Wherefrom: Local and remote
CVE : CVE-2008-2712
Original : http://www.rdancer.org/vulnerablevim-filetype.vim.updated.html...

9.3 CVSS | 0.1 AI score | 0.16974 EPSS
Exploits 0
securityvulns
added 2008/07/18 12:0 a.m. | 40 views

PCRE buffer overflow

Buffer overflow on regular expression compilation...

7.5 CVSS | 3.6 AI score | 0.04128 EPSS
Exploits 3 | References 1
Tenable Nessus
added 2008/07/10 12:0 a.m. | 32 views

GLSA-200807-03 : PCRE: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200807-03 (PCRE: Buffer overflow). Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing 'Internal Option Settings' such as '(?i)'. Impact : A remote...

7.5 CVSS | 8.3 AI score | 0.04128 EPSS
Exploits 3 | References 2
NVD
added 2008/07/07 11:41 p.m. | 20 views

CVE-2008-2371

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches...

7.5 CVSS | 8.2 AI score | 0.04128 EPSS
Exploits 3 | References 45
Prion
added 2008/07/07 11:41 p.m. | 22 views

Heap overflow

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches...

7.5 CVSS | 8.3 AI score | 0.04128 EPSS
Exploits 3 | References 45 | Affected Software 6
CVE
added 2008/07/07 11:0 p.m. | 140 views

CVE-2008-2371

CVE-2008-2371 describes a heap-based buffer overflow in the PCRE library (version 7.7) specifically in pcre_compile.c. This vulnerability can be triggered by a context-dependent attacker via a regular expression that begins with an option and contains multiple branches, potentially causing a deni...

7.5 CVSS | 9.2 AI score | 0.04128 EPSS
Exploits 3 | References 45 | Affected Software 1
Cvelist
added 2008/07/07 11:0 p.m. | 23 views

CVE-2008-2371

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches...

9.2 AI score | 0.04128 EPSS
Exploits 3 | References 45
Debian CVE
added 2008/07/07 11:0 p.m. | 26 views

CVE-2008-2371

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches...

7.5 CVSS | 7.8 AI score | 0.04128 EPSS
Exploits 3