Medium: rubygems

Issue Overview: Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of...

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...

Fedora Update for rubygems FEDORA-2013-16316

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for rubygems FEDORA-2013-16376

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix

'Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service C...

Fedora Update for rubygems FEDORA-2013-16316

Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2013-16316 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for rubygems FEDORA-2013-16376

Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2013-16376 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 20 Update: rubygems-2.0.8-104.fc20

RubyGems is the Ruby standard for publishing and managing third party libraries...

Fedora 20 : rubygems-2.0.8-104.fc20 (2013-16251)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

Fedora 19 : rubygems-2.0.8-104.fc19 (2013-16376)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

Fedora 18 : rubygems-1.8.25-7.fc18 (2013-16316)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

[SECURITY] Fedora 19 Update: rubygems-2.0.8-104.fc19

RubyGems is the Ruby standard for publishing and managing third party libraries...

[SECURITY] Fedora 18 Update: rubygems-1.8.25-7.fc18

RubyGems is the Ruby standard for publishing and managing third party libraries...

CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

Moderate: Red Hat Security Advisory: rubygems security update

An updated rubygems package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

Amazon Linux AMI : rubygems (ALAS-2012-79)

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amaz...

RubyGems Sounder 'sound.rb'远程命令注入漏洞

BUGTRAQ ID: 62023 Sounder是Mac OSX afplay命令的ruby gem API Sounder 1.0.1存在远程命令注入漏洞，攻击者可利用此漏洞在受影响应用上下文中执行任意命令 0 rubygems Sounder 1.0.1 厂商补丁： rubygems -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： https://rubygems.org/gems/sounder PoC: irbmain:098:0 @file = ""id;/usr/bin/id/tmp/p;"" =...