2170 matches found
Fedora 30 : rubygem-rubyzip (2019-0182d0b304)
Fix CVE-2019-16892 denial of service via crafted ZIP file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
The rack-cors rubygem may allow directory traversal
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
GHSA-PF8F-W267-MQ2H The rack-cors rubygem may allow directory traversal
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
SUSE-SU-2019:2932-1 Security update for rubygem-haml
This update for rubygem-haml fixes the following issue: - CVE-2017-1002201: Fixed an insufficient character escape that could have led to arbitrary code execution (bsc#1155089)...
CVE-2019-5418
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
Fedora 31 : 1:ImageMagick / rubygem-rmagick (2019-27b9b94805)
Bug fixes and security fixes. Better threading compile time option set. See: https://src.fedoraproject.org/rpms/ImageMagick/pull-request/2 Additional formats enabled...
Fedora Update for rubygem-rmagick FEDORA-2019-612d4f64dd
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 30 : 1:ImageMagick / rubygem-rmagick (2019-612d4f64dd)
Bug fixes and security fixes. Better threading compile time option set. See: https://src.fedoraproject.org/rpms/ImageMagick/pull-request/2 Additional formats enabled...
SUSE-SU-2019:2209-1 Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues: - Security issue fixed: - CVE-2018-8048: Update fix to make Loofah::HTML5::Scrub.force_correct_attribute_escaping! callable from other gems (bsc#1086598)...
SUSE-SU-2019:2182-1 Security update for rubygem-rails-html-sanitizer
This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2018-3741: Fixed an XSS vulnerability due to insufficient filtering in scrub_attribute (bsc#1086598)...
ruby:2.5 security update
ruby 2.5.3-104 - Prohibit arbitrary code execution when installing a malicious gem. Resolves: CVE-2019-8324 rubygem-mongo 2.5.1-2 - Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz#1710863 rubygem-pg 1.0.0-2 - Assign a random testing port...
Fedora Update for rubygem-jquery-ui-rails FEDORA-2019-a96124345a
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for rubygem-rack (openSUSE-SU-2019:1553-1)
The remote host is missing an update for the...
openSUSE Security Update : rubygem-rack (openSUSE-2019-1553)
This update for rubygem-rack fixes the following issues: Security issue fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600). This update was imported from the SUSE:SLE-12:Update update project...
Security update for rubygem-rack (moderate)
openSUSE Security Update: Security update for rubygem-rack Announcement ID: openSUSE-SU-2019:1553-1 Rating: moderate References: 1114828 1116600 Cross-References: CVE-2018-16471 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has one errata is now available...
SUSE-SU-2019:1440-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: Security issue fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600)...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
[SECURITY] Fedora 30 Update: rubygem-activestorage-5.2.3-1.fc30
Attach cloud and local files in Rails applications...
[SECURITY] Fedora 30 Update: rubygem-actionmailer-5.2.3-1.fc30
Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments...