Moderate Photon OS Security Update - PHSA-2021-0096
Updates of 'ruby' packages of Photon OS have been released...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2021-2255)
According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorre...
MGASA-2020-0423 Updated ruby packages fix a security vulnerability
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...
MGASA-2020-0285 Updated ruby packages fix security vulnerability
Updated ruby packages fix security vulnerability: An issue was discovered in Ruby through 2.5.7. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the...
MGASA-2019-0408 Updated ruby packages fix security vulnerabilities
Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to bypass path matching, which could lead to unauthorized access (CVE-2019-15845). It was discovered that Ruby incorrectly handled certain regula...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0084)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ruby packages installed that are affected by multiple vulnerabilities: - An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout...
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1597)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8324 - rubygems: Escape sequence injection vulnerability in gem...
Photon OS Security Advisories - PHSA-2019-2.0-0130
An update of 'ruby' packages of Photon OS has been released...
Critical Photon OS Security Update - PHSA-2019-0130
Updates of 'ruby' packages of Photon OS have been released...
EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1029)
According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a...
Photon OS Security Advisories - PHSA-2018-1.0-0100
An update of 'ruby' packages of Photon OS has been released...
MGASA-2017-0486 Updated ruby packages fix security vulnerabilities
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precision specifier is passed and a huge negative value is also passed to the specifier, a buffer underrun may be caused. In such a situation, the result may contain heap contents, or the Ruby interpreter may crash (CVE-2017-0898). If a malicious string is passed to th...
MGASA-2017-0290 Updated ruby packages fix security vulnerabilities
It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. CVE-2015-9096 Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this...
MGASA-2017-0264 Updated ruby-rubyzip packages fix security vulnerability
A directory traversal vulnerability could allow an attacker to access and overwrite files that are outside of the restricted directory (CVE-2017-5946)...
MGASA-2016-0342 Updated ruby packages fix a security vulnerability
A bug in the openssl module caused an all-zero IV to be used for AES-GCM ciphers in some cases when setting a key, an IV, and then setting a key again CVE-2016-779...
MGASA-2016-0007 Updated ruby packages fix security vulnerability
There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi CVE-2015-7551...
MGASA-2015-0178 Updated ruby packages fix CVE-2015-1855
Updated ruby packages fix security vulnerability: Ruby OpenSSL hostname matching implementation violates RFC 6125 CVE-2015-1855. The ruby package has been updated to version 2.0.0-p645, which fixes this issue...
MGASA-2014-0443 Updated ruby packages fix CVE-2014-8080
Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of servic...
openSUSE Security Update : ruby (openSUSE-SU-2011:0561-1)
Ruby was prone to several security issues : - a race condition allowed local users to delete arbitrary files CVE-2011-1004 - exception methods could bypass safe mode CVE-2011-1005 - webrick cross site scripting issue CVE-2010-0541 - memory corruption in the BigDecimal class CVE-2011-0188...