17 matches found
MiracleLinux 3 : ruby-1.8.5-22.1.0.1.AXS3 (AXSA:2012-99:1)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-99:1 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...
MiracleLinux 3 : ruby-1.8.5-5.5 (AXSA:2008-471:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-471:02 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...
MiracleLinux 3 : ruby-1.8.5-29.AXS3 (AXSA:2013-269:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-269:02 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...
MiracleLinux 3 : ruby-1.8.5-5.5 (AXSA:2008-514:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-514:03 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...
MiracleLinux 3 : ruby-1.8.5-5.6 (AXSA:2008-536:04)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-536:04 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...
Oracle Linux 5 : Moderate: / ruby (ELSA-2007-0965)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0965 advisory. 1.8.5-5.el51.1 - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL...
CVE-2008-4310
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656...
Design/Logic Flaw
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656...
CVE-2008-4310
CVE-2008-4310 is a WEBrick Denial of Service issue: httputils.rb in WEBrick used by Ruby 1.8.1 and 1.8.5 (as deployed in RHEL 4/5) can be triggered by a crafted HTTP request, causing CPU exhaustion. The note indicates it stems from an incomplete fix for CVE-2008-3656. Connected advisories show ve...
ruby security update
1.8.5-5.el52.6 - security fix 470262 - CVE-2008-4310: real fix for CVE-2008-3656. original patch named as fix for CVE-2008-3656 actually fixed different issue CVE-2008-1145, hence we are providing correct patch and renaming original patch to refer to proper CVE...
CVE-2008-3656
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...
Algorithmic complexity vulnerability in the WEBrick
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...
CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
ruby -- DNS spoofing vulnerability in resolv.rb
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...
Ruby Net::HTTPS library does not validate server certificate CN
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...
Fedora Core 6 : ruby-1.8.5.2-1.fc6 (2006-1441)
Mon Dec 11 2006 Akira TAGOH - 1.8.5.2-1 - security fix release. 218289 - Fri Oct 27 2006 Akira TAGOH - 1.8.5-4 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212396 - Sun Oct 1 2006 Jesse Keating - 1.8.5-3 - rebuilt...
Fedora Core 5 : ruby-1.8.5.2-1.fc5 (2006-1440)
Mon Dec 11 2006 Akira TAGOH - 1.8.5.2-1 - security fix release. 218289 - Fri Oct 27 2006 Akira TAGOH - 1.8.5-1 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212396 - backport fixes from devel. - fixed rbconfig.rb...