Security update for rubygem-yard (important)
This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263). This update was imported from the...
openSUSE: Security Advisory for rubygem-yard (openSUSE-SU-2018:1908-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2018:1890-1 Security update for rubygem-yard
This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263)...
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbidden_request?, which allowed remote attackers to read arbitrary files via specially crafted requests...
openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:1854-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for rubygem-sprockets (important)
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbidden_request?, which allowed remote attackers to read arbitrary files via specially crafted requests...
Fedora 27 : 1:rubygem-sinatra (2018-0b17e1e529)
Fix XSS in the 400 Bad Request page (CVE-2018-11627, rhbz#1585218). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for rubygem-sinatra FEDORA-2018-0b17e1e529
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for rubygem-sinatra FEDORA-2018-3f61c5cf7c
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 28 Update: rubygem-sinatra-2.0.0-4.fc28
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort...
[SECURITY] Fedora 27 Update: rubygem-sinatra-2.0.0-3.fc27
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort...
AZL-40842 CVE-2018-7159 affecting package rubygem-http_parser for versions less than 0.8.0-1
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
Fedora Update for rubygem-rmagick FEDORA-2018-5673d070df
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-15.fc26
RMagick is an interface between Ruby and ImageMagick...
SUSE-SU-2018:0602-1 Security update for rubygem-puppet
This update for rubygem-puppet fixes the following issues: - CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files were unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions...
openSUSE Security Update : rubygem-puppet (openSUSE-2018-174)
This update for rubygem-puppet fixes the following issues: - CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions...
Fedora Update for rubygem-rack-protection FEDORA-2018-306856c244
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 26 : rubygem-rack-protection (2018-306856c244)
Fix timing attack in authenticity_token.rb (rhbz#1534027). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
SUSE-SU-2018:0309-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes the following issues: Security issue fixed: - CVE-2017-1000384: Introduces a new check that logs a vulnerability warning if Passenger is run with root permissions while the directory permissions of parts of its root dir allow modifications by non-root users...
SUSE-SU-2018:0262-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes several issues. These security issues were fixed: - CVE-2017-16355: When Passenger was running as root it was possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choi...