OPENSUSE-SU-2024:12592-1 ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-puma-5-5.6.5-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13167-1 ruby3.2-rubygem-rack-3.0.7-1.2 on GA media
These are all security issues fixed in the ruby3.2-rubygem-rack-3.0.7-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12900-1 ruby3.2-rubygem-puma-6.0.0-2.1 on GA media
These are all security issues fixed in the ruby3.2-rubygem-puma-6.0.0-2.1 package on the GA media of openSUSE Tumbleweed...
ruby:3.1 security, bug fix, and enhancement update
An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Rocky Linux 8 : pcs (RLSA-2024:2953)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2953 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header in...
CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.7-1
CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.7-1. An upgraded version of the package is available that resolves this issue...
Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281...
ruby:3.3 security, bug fix, and enhancement update
ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281 Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex searc...
Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...
ruby:3.3 security, bug fix, and enhancement update
ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281 Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex searc...
RHEL 7 : rubygem-hammer_cli (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-hammer_cli: no verification of API server's SSL certificate CVE-2017-2667 Note that Nessus has not tested fo...
RHEL 8 : 2.5_rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 No...
RHEL 6 : rubygem-kafo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-kafo: temporary file creation vulnerability when creating /tmp/defaultvalues.yaml CVE-2014-0135 Note that...
ruby:3.1 security, bug fix, and enhancement update
ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751...
RHEL 6 : rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Code execution via gem name collision in bundler CVE-2016-7954 Note that Nessus has not tested for...
RHEL 7 : tfm-rubygem-rubyzip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubyzip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file...
RHEL 7 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygem-json: Unsafe object creation vulnerability in JSON CVE-2020-10663 - ClusterLabs pcs before versio...
CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.8-1
CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.8-1. An upgraded version of the package is available that resolves this issue...
ruby:3.0 security update
ruby 3.0.7-143 - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 3.0.7-142 - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS vulnerability in Time...
ruby: RCE vulnerability with .rdoc_options in RDoc
A flaw was found in Rubygem RDoc. When parsing .rdoc_options, used for configuration in RDoc, as a YAML file, there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...