2167 matches found

Oracle linux, added 2023/11/18 12:0 a.m., 88 views

ruby:2.5 security update

rubygem-abrt 0.3.0-4 - Execute test suite unconditionally. - Upload correct sources. 0.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 0.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild 0.3.0-1 - Update to abrt 0.3.0. 0.2.0-2 - Rebuilt for...

CVSS: 10; AI score: 8.2; EPSS: 0.87662; Exploits: 46

RedHat Linux, added 2023/11/14 3:32 p.m., 2 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

CVSS: 5.3; AI score: 7.5; EPSS: 0.00337; Exploits: 0; References: 5

Fedora, added 2023/11/09 1:15 a.m., 18 views

[SECURITY] Fedora 37 Update: rubygem-rmagick-5.2.0-2.fc37

RMagick is an interface between Ruby and ImageMagick...

CVSS: 5.3; AI score: 7.4; EPSS: 0.00032; Exploits: 1

Tenable Nessus, added 2023/11/09 12:0 a.m., 16 views

Fedora 37 : rubygem-rmagick (2023-8dd1a1a2e6)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8dd1a1a2e6 advisory. A security flaw was found on rubygem-rmagick that Magick::Draw causes memleak. This issue is assigned as CVE-2023-5349. This new rpm fixes this issue. Tenabl...

CVSS: 5.3; AI score: 5.3; EPSS: 0.00032; Exploits: 1; References: 2

OpenVAS, added 2023/11/09 12:0 a.m., 17 views

Fedora: Security Advisory for rubygem-rmagick (FEDORA-2023-8dd1a1a2e6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.3; AI score: 4; EPSS: 0.00032; Exploits: 1; References: 2

RedHat Linux, added 2023/11/08 2:26 p.m., 4 views

rubygem-activerecord: Denial of Service

A flaw was found in the rubygem-activerecord. RubyGem's ActiveRecord is vulnerable to a denial of service caused by a flaw in the PostgreSQL adapter. By sending a specially-crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...

CVSS: 7.5; AI score: 6.3; EPSS: 0.01543; Exploits: 1; References: 5

RedHat Linux, added 2023/11/08 2:26 p.m., 4 views

rubygem-rack: denial of service in Content-Disposition parsing

A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the multipart parsing component. By sending a specially-crafted input, a remote attacker can cause a denial of service...

CVSS: 7.5; AI score: 6.6; EPSS: 0.00255; Exploits: 0; References: 5

RedHat Linux, added 2023/11/08 2:26 p.m., 2 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

CVSS: 7.5; AI score: 6.7; EPSS: 0.01304; Exploits: 0; References: 5

RedHat Linux, added 2023/11/08 2:26 p.m., 3 views

rubygem-rack: denial of service in Content-Disposition parsing

A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the multipart parser. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...

CVSS: 7.5; AI score: 6.7; EPSS: 0.03121; Exploits: 0; References: 5

RedHat Linux, added 2023/11/08 2:26 p.m., 4 views

rubygem-rack: denial of service in header parsing

A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...

CVSS: 5.3; AI score: 6.6; EPSS: 0.00364; Exploits: 0; References: 7

Tenable Nessus, added 2023/11/05 12:0 a.m., 42 views

openSUSE 15 Security Update : rubygem-activesupport-5.2 (openSUSE-SU-2023:0350-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0350-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

CVSS: 5.5; AI score: 5.3; EPSS: 0.00095; Exploits: 0; References: 4

OPENSUSE Linux, added 2023/11/04 12:0 a.m., 3 views

Security update for rubygem-activesupport-5.2 (moderate)

openSUSE Security Update: Security update for rubygem-activesupport-5.2 Announcement ID: openSUSE-SU-2023:0350-1 Rating: moderate References: 1214807 Cross-References: CVE-2023-38037 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available...

CVSS: 5.5; AI score: 5.3; EPSS: 0.00095; Exploits: 0; References: 1

OSV, added 2023/11/03 11:1 p.m., 6 views

OPENSUSE-SU-2023:0350-1 Security update for rubygem-activesupport-5.2

This update for rubygem-activesupport-5.2 fixes the following issue: - CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files bsc1214807...

CVSS: 5.5; AI score: 5.7; EPSS: 0.00095; Exploits: 0; References: 3

Tenable Nessus, added 2023/10/16 12:0 a.m., 41 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Rack vulnerabilities (USN-5253-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5253-1 advisory. It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to...

CVSS: 10; AI score: 7.7; EPSS: 0.02323; Exploits: 1; References: 5

OSV, added 2023/10/14 2:15 a.m., 2 views

AZL-33350 CVE-2023-45853 affecting package rubygem-mini_portile2 for versions less than 2.8.0-1

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

CVSS: 9.8; AI score: 7.1; EPSS: 0.01396; Exploits: 0; References: 1

OSV, added 2023/10/14 2:15 a.m., 2 views

AZL-35229 CVE-2023-45853 affecting package rubygem-mini_portile2 for versions less than 2.8.0-1

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

CVSS: 9.8; AI score: 7.1; EPSS: 0.01396; Exploits: 0; References: 1

Tenable Nessus, added 2023/10/05 12:0 a.m., 35 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2023:3957-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3957-1 advisory. - Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing...

CVSS: 9.8; AI score: 6.3; EPSS: 0.00377; Exploits: 0; References: 4

OSV, added 2023/10/04 7:10 a.m., 4 views

SUSE-SU-2023:3957-1 Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: - CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers bsc1214425...

CVSS: 9.8; AI score: 9.5; EPSS: 0.00377; Exploits: 0; References: 3

Tenable Nessus, added 2023/09/28 12:0 a.m., 26 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3813-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVE...

CVSS: 6.3; AI score: 6.2; EPSS: 0.00207; Exploits: 0; References: 4

OSV, added 2023/09/27 3:36 p.m., 3 views

SUSE-SU-2023:3813-1 Security update for rubygem-actionview-5_1

This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826...

CVSS: 6.3; AI score: 6.1; EPSS: 0.00207; Exploits: 0; References: 3