61 matches found

Oracle linux
added 2024/06/13 12:0 a.m., 27 views

ruby security update

3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 -...

CVSS 9.8, AI score 7.6, EPSS 0.0883, Exploits 1

Amazon
added 2023/09/25 12:0 a.m., 2 views

Medium: ruby

Issue Overview: An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. CVE-2021-31799 Affected Packages: ruby Note:...

CVSS 7, AI score 7.9, EPSS 0.00351, Exploits 0

OSV
added 2023/06/09 12:0 a.m., 24 views

DLA-3450-1 ruby2.5 - security update

Bulletin has no description...

CVSS 8.8, AI score 8.5, EPSS 0.011, Exploits 1

OSV
added 2022/09/16 3:6 p.m., 5 views

SUSE-SU-2022:3292-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse bsc1193081...

CVSS 7.5, AI score 8.1, EPSS 0.00765, Exploits 1, References 3

Positive Technologies
added 2022/09/06 12:0 a.m., 3 views

PT-2022-37628 · Suse +1 · Ruby

This update for ruby fixes the following issues: - CVE-2018-16395: Fixed an issue where two x509 certificates could be considered to be equal when this was not the case bsc1112530. - CVE-2021-32066: Fixed an issue where the IMAP client API would not report a failure when StartTLS failed, leading...

CVSS 9.8, AI score 7.6, EPSS 0.0421, Exploits 2, References 9

OSV
added 2021/12/01 3:8 p.m., 6 views

OPENSUSE-SU-2021:3838-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP bsc1188161. - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP bsc1188160...

CVSS 7.4, AI score 6.8, EPSS 0.00668, Exploits 2, References 7

OSV
added 2020/05/01 6:26 p.m., 5 views

OPENSUSE-SU-2020:0586-1 Security update for ruby2.5

This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON bsc1167244. - CVE-2020-10933: Heap exposure vulnerability in the socket library bsc1168938. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.5, AI score 6.3, EPSS 0.05892, Exploits 1, References 5

OSV
added 2020/03/20 12:47 p.m., 6 views

SUSE-SU-2020:0737-1 Recommended update for ruby2.5

This update for ruby2.5 to version 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

CVSS 8.1, AI score 7.2, EPSS 0.18007, Exploits 8, References 15

OSV
added 2019/07/21 5:37 a.m., 4 views

OPENSUSE-SU-2019:1771-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5

This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: -...

CVSS 9.8, AI score 7.9, EPSS 0.06225, Exploits 1, References 45

OSV
added 2017/12/24 12:0 a.m., 29 views

DLA-1222-1 ruby1.8 - security update

Bulletin has no description...

CVSS 9.8, AI score 9.4, EPSS 0.88646, Exploits 6

OSV
added 2017/12/21 4:48 p.m., 4 views

SUSE-RU-2017:3408-1 Recommended update for rubygem-yajl-ruby

This update for rubygem-yajl-ruby provides the following fixes: - Update to version 1.3.1 - Fix crafted JSON file allows to crash ruby process with a SIGABRT bsc1066565, CVE-2017-1651...

CVSS 5.4, AI score 6.9, EPSS 0.00175, Exploits 0, References 3

OSV
added 2015/10/05 9:31 a.m., 7 views

SUSE-SU-2015:1889-1 Security update for ruby19

ruby19 was updated to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1855: Ruby OpenSSL hostname verification was too permissive bsc926974. CVE-2009-5147: DL::dlopen could have loaded a library with tainted library name even if $SAFE 0 bsc939860...

CVSS 7.5, AI score 6.2, EPSS 0.56223, Exploits 0, References 5

OpenVAS
added 2013/03/11 12:0 a.m., 63 views

openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0280-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.1, EPSS 0.91907, Exploits 27, References 2

Tenable Nessus
added 2013/01/17 12:0 a.m., 33 views

Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130108)

It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. CVE-2012-4522 It was found that...

CVSS 5, AI score 8.1, EPSS 0.02121, Exploits 3, References 4

Tenable Nessus
added 2012/10/15 12:0 a.m., 34 views

Fedora 16 : ruby-1.8.7.358-4.fc16 (2012-15507)

Some security flaws were found on ruby currently shipped on Fedora 17 where malicious user can bypass safe mechanize by raising exception intentionally and make arbitrary strings tainted. This flaw were now registered as CVE-2012-4464 and CVE-2012-4466. Note that CVE-2012-4464 is basically the sa...

CVSS 5, AI score 8.1, EPSS 0.02121, Exploits 2, References 4

Fedora
added 2012/10/14 3:50 a.m., 37 views

[SECURITY] Fedora 17 Update: ruby-1.9.3.194-17.fc17

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5, AI score 6.3, EPSS 0.01686, Exploits 1

OpenVAS
added 2012/01/13 12:0 a.m., 24 views

Fedora Update for ruby FEDORA-2011-17551

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.8, AI score 8.8, EPSS 0.01411, Exploits 3, References 2

Fedora
added 2012/01/11 6:14 a.m., 38 views

[SECURITY] Fedora 15 Update: ruby-1.8.7.357-1.fc15

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 7.8, AI score 1.1, EPSS 0.01411, Exploits 3

OpenVAS
added 2011/08/09 12:0 a.m., 26 views

CentOS Update for ruby CESA-2011:0909 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.5, AI score 6.2, EPSS 0.21101, Exploits 4, References 2

Oracle linux
added 2011/06/28 12:0 a.m., 38 views

ruby security update

1.8.7.299-7.1 - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings' ruby-1.8.7-CVE-2011-1005.patch - Address CVE-2011-0188 'memory corruption in...

CVSS 6.8, AI score 2.6, EPSS 0.02121, Exploits 2