[SECURITY] [DLA 3625-1] ruby-rmagick security update
Debian LTS Advisory DLA-3625-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès October 22, 2023 https://wiki.debian.org/LTS ...
DSA-5530-1 ruby-rack - security update
Bulletin has no description...
DLA-3625-1 ruby-rmagick - security update
Bulletin has no description...
Debian DSA-5530-1 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5530 advisory. Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injectio...
PT-2023-8777
Name of the Vulnerable Software and Affected Versions: ruby-magick (affected versions not specified). Description: The issue is related to memory leak errors in the ruby-magick interface between Ruby and the ImageMagick library. This can lead to a denial of service (DoS) by memory exhaustion, potentiall...
Debian dla-3625 : ruby-rmagick - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3625 advisory. Debian LTS Advisory DLA-3625-1 [email protected] https://www.debian.org/lts/security/...
Important: Red Hat Security Advisory: Satellite 6.11.5.6 async security update
Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
ruby-git: code injection vulnerability
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository...
ruby-git: code injection vulnerability
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository...
ruby-git: code injection vulnerability
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository...
ruby-git: code injection vulnerability
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository...
Updated ruby-RedCloth packages fix a security vulnerability
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. CVE-2023-31606...
MGASA-2023-0291 Updated ruby-RedCloth packages fix a security vulnerability
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. CVE-2023-31606...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-3945-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3945-1 advisory. It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary...
Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3626-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3626-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. CVE-2018-6914 ...
Mageia: Security Advisory (MGASA-2023-0291)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-3808-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3808-1 advisory. It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass t...
ruby-git: code injection vulnerability
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository...
ruby-git: code injection vulnerability
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository...
Important: oniguruma
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly i...