[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-3.fc18

Utility library which carries commonly used classes and goodies from the Rails framework...

[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-3.fc18

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser...

CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

RHEL 6 : Subscription Asset Manager (RHSA-2013:0544)

Red Hat Subscription Asset Manager 1.2, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

Fedora Update for rubygem-json FEDORA-2013-3052

Check for the Version of rubygem-json OpenVAS Vulnerability Test Fedora Update for rubygem-json FEDORA-2013-3052 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Fedora Update for rubygem-json FEDORA-2013-3050

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for rubygem-json FEDORA-2013-3052

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for rubygem-json FEDORA-2013-3050

Check for the Version of rubygem-json OpenVAS Vulnerability Test Fedora Update for rubygem-json FEDORA-2013-3050 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Fedora 18 : rubygem-json-1.6.8-1.fc18 (2013-3052)

A security flaw was discovered on the previous json that there is a denial of service and unsafe object creation vulnerability. This vulnerability has been assigned the CVE identifier CVE-2013-0269. This new rpm will fix this issue. Note that Tenable Network Security has extracted the preceding...

Fedora 17 : rubygem-json-1.6.8-1.fc17 (2013-3050)

A security flaw was discovered on the previous json that there is a denial of service and unsafe object creation vulnerability. This vulnerability has been assigned the CVE identifier CVE-2013-0269. This new rpm will fix this issue. Note that Tenable Network Security has extracted the preceding...

[SECURITY] Fedora 17 Update: rubygem-json-1.6.8-1.fc17

This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

FreeBSD : rubygem-dragonfly -- arbitrary code execution (aa7764af-0b5e-4ddc-bc65-38ad697a484f)

Mark Evans reports : Unfortnately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

FreeBSD : rubygem-ruby_parser -- insecure tmp file usage (e1aa3bdd-839a-4a77-8617-cca439a8f9fc)

Michael Scherer reports : This is a relatively minor tmp file usage issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistributi...

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...

Fedora Update for rubygem-activemodel FEDORA-2013-2391

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for rubygem-activerecord FEDORA-2013-2351

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for rubygem-activemodel FEDORA-2013-2398

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for rubygem-activerecord FEDORA-2013-2351

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2013-2351 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora Update for rubygem-activemodel FEDORA-2013-2391

Check for the Version of rubygem-activemodel OpenVAS Vulnerability Test Fedora Update for rubygem-activemodel FEDORA-2013-2391 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...