Fedora Update for rubygem-activesupport FEDORA-2015-10538
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for rubygem-web-console FEDORA-2015-10128
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE Security Update : rubygem-RedCloth (openSUSE-2015-457)
rubygem-RedCloth was updated to fix one security issue. The following vulnerability was fixed: CVE-2012-6684: A cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a javascript: URI (boo#912212). (C) Tenable Network Security,...
Fedora 22 : rubygem-activesupport-4.2.0-2.fc22 (2015-10538)
Fixes for: CVE-2015-3226: Escape HTML entities in JSON keys. CVE-2015-3227: XML documents that are too deep can cause a stack overflow, which in turn will cause a potential DoS attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securit...
Fedora 21 : rubygem-activesupport-4.1.5-2.fc21 (2015-10545)
Fixes for: CVE-2015-3226: Escape HTML entities in JSON keys. CVE-2015-3227: XML documents that are too deep can cause a stack overflow, which in turn will cause a potential DoS attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securit...
Fedora Update for rubygem-activesupport FEDORA-2015-10545
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 21 Update: rubygem-activesupport-4.1.5-2.fc21
Utility library which carries commonly used classes and goodies from the Rails framework...
[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-2.fc22
Utility library which carries commonly used classes and goodies from the Rails framework...
[SECURITY] Fedora 21 Update: rubygem-jquery-rails-3.1.0-3.fc21
This gem provides jQuery and the jQuery-ujs driver for your Rails 3 application...
[SECURITY] Fedora 22 Update: rubygem-jquery-rails-3.1.0-3.fc22
This gem provides jQuery and the jQuery-ujs driver for your Rails 3 application...
Fedora 21 : rubygem-jquery-rails-3.1.0-3.fc21 (2015-10144)
Security fix for CVE-2015-1840. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for rubygem-jquery-rails FEDORA-2015-10144
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 22 : rubygem-jquery-rails-3.1.0-3.fc22 (2015-10258)
Security fix for CVE-2015-1840. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 22 : rubygem-web-console-2.1.3-1.fc22 (2015-10128)
Security fix for CVE-2015-3224. Please note that since the security fix was not really backportable, I opted in for rebase. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
FreeBSD : rubygem-bson -- DoS and possible injection (f5225b23-192d-11e5-a1cf-002590263bf5)
Phill MV reports: By submitting a specially crafted string to a service relying on the bson rubygem, an attacker may trigger denials of service or even inject data into victim's MongoDB instances. (C) Tenable Network Security, Inc. The descriptive text and package checks in thi...
FreeBSD : rubygem-paperclip -- validation bypass vulnerability (0f154810-16e4-11e5-a1cf-002590263bf5)
Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...
FreeBSD : rubygem-rails -- multiple vulnerabilities (eb8a8978-8dd5-49ce-87f4-49667b2166dd)
Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
rubygem-paperclip -- validation bypass vulnerability
Jon Yurek reports: Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this. There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check,...
rubygem-bson -- DoS and possible injection
Phill MV reports: By submitting a specially crafted string to a service relying on the bson rubygem, an attacker may trigger denials of service or even inject data into victim's MongoDB instances...
Data Injection Vulnerability in bson Rubygem
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object...