75 matches found
Debian: Security Advisory (DSA-748-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-864-1)
The remote host is missing an update for the Debian...
Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)
An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has...
Ubuntu 5.04 / 5.10 / 6.06 LTS : ruby1.8 vulnerability (USN-325-1)
The alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations. Note that Tenable Network Security has extracted t...
Ubuntu 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-394-1)
An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security ha...
Debian DSA-1235-1 : ruby1.8 - denial of service
A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
Debian DSA-1157-1 : ruby1.8 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2006-1931 It was discovered that the use of...
USN-325-1: ruby1.8 vulnerability
The alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations...
Ubuntu 4.10 / 5.04 / 5.10 : ruby1.8 vulnerability (USN-273-1)
Yukihiro Matsumoto reported that Ruby's HTTP module uses blocking sockets. By sending large amounts of data to a server application that uses this module, a remote attacker could exploit this to render this application unusable and not respond any more to other clients (Denial of Service). Note tha...
Ubuntu 4.10 : ruby1.8 vulnerability (USN-20-1)
The Ruby developers discovered a potential Denial of Service vulnerability in the CGI module cgi.rb. Specially crafted CGI requests could cause an infinite loop in the server process. Repetitive attacks could use most of the available processor resources, exhaust the number of allowed parallel...
Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-146-1)
Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server. Note that Tenable Network Security has extracted the...
[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
Debian Security Advisory DSA 748-1, http://www.debian.org/security/, Michael Stone, July 10, 2005, http://www.debian.org/security/faq ...
Debian DSA-748-1 : ruby1.8 - bad default value
A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server. The old stable distribution (woody) did not include ruby1.8. This problem is fixed for the current stable distribution (sarge) in version 1.8.2-7sarge1. This problem...
DSA-748-1 ruby1.8 - bad default value
Bulletin has no description...