irb, ruby security update

CentOS Errata and Security Advisory CESA-2007:0961 Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting languag...

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was...

ruby's cgi.rb vulnerable infinite loop DoS

The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service infinite loop via crafted HTTP requests, a different issue than CVE-2006-5467...

Net: HTTP insufficient verification of SSL certificate

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

net:: * modules

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. An SSL certifica...

Net: HTTP insufficient verification of SSL certificate

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

Moderate: ruby security update

1.8.1-7.EL4.8.1 - security fixes 320371 - ruby-1.8.1-cgi-CVE-2006-6303.patch: fix an infinite loop with certain HTTP request. - ruby-1.8.1-CVE-2007-5162.patch: fix an insufficient verification of SSL certificate...

Fedora 8 : ruby-1.8.6.111-1.fc8 (2007-2812)

This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

[SECURITY] Fedora 8 Update: ruby-1.8.6.111-1.fc8

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

Fedora 7 : ruby-1.8.6.111-1.fc7 (2007-2685)

This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Fedora 7 : ruby-1.8.6.110-1.fc7 (2007-2406)

Thu Oct 4 2007 Akira TAGOH - 1.8.6.110-1 - New upstream release. - ruby-r12567.patch: removed. - ruby-1.8.6-CVE-2007-5162.patch: security fix for Net::HTTP that is insufficient verification of SSL certificate. 313791 - Wed Jul 25 2007 Akira TAGOH - 1.8.6.36-3 - ruby-r12567.patch: backport patch...

Fedora 7 : ruby-mecab-0.96-1.fc7 (2007-0379)

This updates is for ruby side binding of MeCab associated with MeCab itself. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora Core 6 : ruby-1.8.5.114-1.fc6 (2007-738)

This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

[SECURITY] Fedora Core 6 Update: ruby-1.8.5.114-1.fc6

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

openSUSE 10 Security Update : ruby (ruby-2219)

A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to affect a denial of service attack against ruby based webservices. CVE-2006-5467 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

openSUSE 10 Security Update : ruby (ruby-1948)

An attacker could bypass the 'safe level' checks CVE-2006-3694. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update ruby-1948. The text description of this plugin is C SUSE LLC...

openSUSE 10 Security Update : ruby (ruby-2655)

The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. CVE-2006-6303 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update ruby-2655...

Fedora Core 6 : ruby-1.8.5.113-1.fc6 (2007-718)

Thu Oct 4 2007 Akira TAGOH - 1.8.5.113-1 - New upstream release. - ruby-1.8.5-CVE-2007-5162.patch: security fix for Net::HTTP that is insufficient verification of SSL certificate. 313801 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

[SECURITY] Fedora 7 Update: ruby-1.8.6.110-1.fc7

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...