183 matches found

Tenable Nessus
added 2018/04/24 12:0 a.m. | 80 views

Debian DLA-1358-1 : ruby1.9.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...

CVSS 9.8 | AI score 6.9 | EPSS 0.10552
Exploits 0 | References 12
Tenable Nessus
added 2018/04/24 12:0 a.m. | 47 views

Debian DLA-1359-1 : ruby1.8 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...

CVSS 9.1 | AI score 6.9 | EPSS 0.10552
Exploits 0 | References 8
OpenVAS
added 2018/04/24 12:0 a.m. | 50 views

Debian: Security Advisory (DLA-1358-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.3 | EPSS 0.10552
Exploits 0 | References 3
Debian
added 2018/04/23 9:51 a.m. | 42 views

[SECURITY] [DLA 1359-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u6 CVE ID : CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following...

CVSS 9.1 | AI score 7 | EPSS 0.10552
Exploits 0
Prion
added 2018/04/03 10:29 p.m. | 17 views

Design/Logic Flaw

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

CVSS 5 | AI score 8.3 | EPSS 0.07169
Exploits 0 | References 17 | Affected Software 3
RedHat Linux
added 2018/03/26 10:20 a.m. | 58 views

Important: Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update

An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 9.8 | AI score 7.2 | EPSS 0.73927
Exploits 14 | References 13
OpenVAS
added 2018/03/14 12:0 a.m. | 64 views

CentOS Update for ruby CESA-2018:0378 centos7

Check the version of ruby SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882847";...

CVSS 9.8 | AI score 9.2 | EPSS 0.73927
Exploits 14 | References 2
CNVD
added 2017/12/20 12:0 a.m. | 2 views

Ruby 'lazy_initialize' function command injection vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A command injection vulnerability exists in the 'lazy_initialize' function in the lib/resolv.rb file in Ruby 2.4.3 and earlier versions. An attacker can...

CVSS 9.8 | AI score 7.6 | EPSS 0.05913
Exploits 1 | References 1
OSV
added 2017/12/17 9:29 p.m. | 3 views

DEBIAN-CVE-2017-17718

The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation...

CVSS 5.9 | AI score 7 | EPSS 0.01348
Exploits 0 | References 1
Debian
added 2017/11/11 2:46 p.m. | 32 views

[SECURITY] [DSA 4031-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...

CVSS 9.3 | AI score 1.8 | EPSS 0.16412
Exploits 2
Debian
added 2017/11/11 2:46 p.m. | 46 views

[SECURITY] [DSA 4031-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 10 | EPSS 0.16412
Exploits 2
CNVD
added 2017/09/07 12:0 a.m. | 2 views

Ruby URI.decode_www_form_component Method Denial of Service Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the URI.decode_www_form_component method in Ruby versions prior to 1.9.2-p330. A remote attacker can exploit this...

CVSS 7.5 | AI score 7.5 | EPSS 0.04128
Exploits 0 | References 1
Debian
added 2017/09/05 8:17 p.m. | 39 views

[SECURITY] [DSA 3966-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3966-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 05, 2017 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 8.9 | EPSS 0.29442
Exploits 8
OpenVAS
added 2017/09/04 12:0 a.m. | 65 views

Debian: Security Advisory (DSA-3966-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.5 | EPSS 0.29442
Exploits 8 | References 3
CNVD
added 2017/09/01 12:0 a.m. | 1 views

Ruby Arbitrary Memory Disclosure Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the strdup of the ext/json/ext/generator/generator.c file in Ruby versions 2.2.7 and earlier, 2.3.x through 2.3.4, and...

CVSS 9.8 | AI score 9.1 | EPSS 0.09445
Exploits 1 | References 1
OSV
added 2017/05/24 3:29 p.m. | 2 views

DEBIAN-CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

CVSS 9.8 | AI score 9.7 | EPSS 0.0308
Exploits 1 | References 1
CNVD
added 2016/01/12 12:0 a.m. | 2 views

Ruby colorscore gem arbitrary code execution vulnerability

Ruby is a cross-platform, object-oriented, dynamically-typed programming language developed by Japanese software developer Yukihiro Matsumoto. colorscore gem is one of the libraries used to distinguish colors. A security vulnerability exists in the 'initialize' method of the Histogram class in th...

CVSS 10 | AI score 7.7 | EPSS 0.0353
Exploits 0 | References 1
Debian
added 2015/07/01 10:9 a.m. | 51 views

[SECURITY] [DLA 263-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u5 CVE ID : CVE-2012-5371 CVE-2013-0269 Debian Bug : 693024 700471 Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly...

CVSS 7.8 | AI score 6.8 | EPSS 0.13911
Exploits 2
OSV
added 2015/06/30 12:0 a.m. | 45 views

DLA-263-1 ruby1.9.1 - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.8 | EPSS 0.13911
Exploits 0
OSV
added 2015/05/18 12:0 a.m. | 31 views

DLA-224-1 ruby1.8 - security update

Bulletin has no description...

CVSS 5.9 | AI score 6 | EPSS 0.02815
Exploits 0