EUVD-2009-4094

Malware in sbrugna...

SUSE CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

DLA-1358-1 ruby1.9.1 - security update

Bulletin has no description...

DLA-1221-1 ruby1.9.1 - security update

Bulletin has no description...

WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

GHSA-92V7-PQ4H-58J5 facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

DLA-1114-1 ruby1.9.1 - security update

Bulletin has no description...

Ruby -- unsafe tainted string vulnerability

Ruby developer reports: There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed a...

Unsafe tainted string usage in Fiddle and DL

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other branches, then...

Debian DLA-300-1 : ruby1.9.1 security update

'sheepman' fixed a vulnerability in Ruby 1.9.1: DL::dlopen could open a library with tainted name even if $SAFE 0. For Debian 6 'Squeeze', this issue has been fixed in ruby1.9.1 1.9.2.0-2+deb6u7 NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...

[SECURITY] [DLA 300-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u7 CVE ID : CVE-2009-5147 "sheepman" fixed a vulnerability in Ruby 1.9.1: DL::dlopen could open a library with tainted name even if $SAFE 0. For Debian 6 “Squeeze”, this issue has been fixed in ruby1.9.1 1.9.2.0-2+deb6u7...

DLA-300-1 ruby1.9.1 - security update

Bulletin has no description...

DLA-235-1 ruby1.9.1 - security update

Bulletin has no description...

DLA-200-1 ruby1.9.1 - security update

Bulletin has no description...

Amazon Linux AMI : puppet (ALAS-2015-484)

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Debian Security Advisory DSA 3157-1 (ruby1.9.1 - security update)

Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service crash or arbitrary code executio...

Oracle Solaris Third-Party Patch Update : puppet (multiple_vulnerabilities_in_puppet1)

The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...