Amazon Linux AMI : ruby19, ruby21 (ALAS-2020-1426)

The version of ruby19 installed on the remote host is prior to 1.9.3.551-33.71. The version of ruby21 installed on the remote host is prior to 2.1.9-1.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1426 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ru...

SUSE-SU-2017:0914-1 Security update for ruby19

This update for ruby19 fixes the following issues: Security issue fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' bsc1018808 Bugfixes: - fix small mistake in the backport for bsc986630 - HTTP Header injection in 'net/http' bsc986630 - make the testsuite...

Amazon Linux: Security Advisory (ALAS-2016-632)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)

DL::dlopen could open a library with tainted library name even if $SAFE 0. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-632. include"compat.inc"; if description scriptid87966;...

Low: ruby19, ruby20, ruby21, ruby22

Issue Overview: DL::dlopen could open a library with tainted library name even if $SAFE 0. Affected Packages: ruby19, ruby20, ruby21, ruby22 Issue Correction: Run yum update ruby19 or yum update --advisory ALAS-2016-632 to update your system. Run yum update ruby20 or yum update --advisory...

Amazon Linux: Security Advisory (ALAS-2015-530)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2013-229)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2014-447)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2014-290)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2013-247)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2013-195)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : ruby19 (ALAS-2015-530)

As discussed in an upstream announcement, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 . C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

openSUSE Security Update : ruby19 (openSUSE-SU-2014:1589-1)

ruby19 was updated to fix two security issues. These security issues were fixed : - Denial Of Service XML Expansion CVE-2014-8080. - Denial Of Service XML Expansion CVE-2014-8090. Note: These are two separate issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : ruby19 (ALAS-2014-447)

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entityexpansiontextlimit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entityexpansionlimit. As a consequence, even with the patch applied, a small XML...

Medium: ruby19

Issue Overview: The upstream patch for CVE-2014-8080 introduced checks against the REXML.entityexpansiontextlimit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entityexpansionlimit. As a consequence, even with the patch applied,...

openSUSE Security Update : ruby19 (openSUSE-SU-2013:1611-1)

ruby19 was updated to fix the following security issues : - fix CVE-2013-2065: Object taint bypassing in DL and Fiddle bnc843686 The file CVE-2013-2065.patch contains the patch - fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity vulnerability bnc837457 The file...

openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)

The following security issue was fixed in ruby19 : %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-940. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : ruby19 (openSUSE-SU-2013:0376-1)

ruby19 was updated to fix various bugs and security issues: Update to 1.9.3 p385 bnc802406 - XSS exploit of RDoc documentation generated by rdoc CVE-2013-0256 - for other changes see /usr/share/doc/packages/ruby19/Changelog Update to 1.9.3 p327 bnc789983 - CVE-2012-5371 and plenty of other fixes...

openSUSE Security Update : ruby19 (openSUSE-SU-2013:1181-1)

fix cve-2013-4073 bnc827265 The fixcve-2013-4073.patch contains the patch for cve-2013-4073 bnc827265 adapted from https://github.com/ruby/ruby/commit/2669b84d407ab431e965 145c827db66c91158f89 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

openSUSE Security Update : ruby19 (openSUSE-SU-2013:1179-1)

was updated to fix SSL hostname certification CVE-2013-4073 bnc827265. https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91 158f89 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...