2168 matches found

FreeBSD
added 2022/11/22 12:0 a.m., 26 views

rubygem-cgi -- HTTP response splitting vulnerability

Hiroshi Tokumaru reports: If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application create...

CVSS 8.8, AI score 0.6, EPSS 0.01013
Exploits: 1, References: 1

OSV
added 2022/11/18 1:1 p.m., 6 views

SUSE-SU-2022:4075-1 Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements bsc1154751...

CVSS 6.1, AI score 5.9, EPSS 0.02332
Exploits: 0, References: 4

Tenable Nessus
added 2022/11/17 12:0 a.m., 33 views

SUSE SLED15 / SLES15 Security Update : rubygem-nokogiri (SUSE-SU-2022:4016-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4016-1 advisory. - Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds...

CVSS 8.2, AI score 7.2, EPSS 0.04183
Exploits: 1, References: 7

Tenable Nessus
added 2022/11/17 12:0 a.m., 33 views

SUSE SLED15 / SLES15 Security Update : rubygem-nokogiri (SUSE-SU-2022:4015-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4015-1 advisory. - Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds...

CVSS 8.2, AI score 7.2, EPSS 0.04183
Exploits: 1, References: 7

OpenVAS
added 2022/11/17 12:0 a.m., 24 views

SUSE: Security Advisory (SUSE-SU-2022:4015-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2, AI score 7.9, EPSS 0.04183
Exploits: 1, References: 2

OSV
added 2022/11/16 1:52 p.m., 6 views

SUSE-SU-2022:4016-1 Security update for rubygem-nokogiri

This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. bsc1198408 - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types. bsc1199782...

CVSS 8.2, AI score 7.6, EPSS 0.04183
Exploits: 1, References: 5

OSV
added 2022/11/16 1:51 p.m., 3 views

SUSE-SU-2022:4015-1 Security update for rubygem-nokogiri

This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. bsc1198408 - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types. bsc1199782...

CVSS 8.2, AI score 7.6, EPSS 0.04183
Exploits: 1, References: 5

Rockylinux
added 2022/11/16 1:21 p.m., 65 views

Satellite 6.12 Release

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...

CVSS 9.8, AI score 8.8, EPSS 0.92834
Exploits: 6

CBLMariner
added 2022/11/16 2:26 a.m., 10 views

CVE-2022-39379 affecting package rubygem-fluentd for versions less than 1.14.6-2

CVE-2022-39379 affecting package rubygem-fluentd for versions less than 1.14.6-2. A patched version of the package is available...

CVSS 9.8, AI score 9.6, EPSS 0.06003
Exploits: 0

Fedora
added 2022/11/10 10:49 p.m., 57 views

[SECURITY] Fedora 37 Update: rubygem-pdfkit-0.8.7.2-1.fc37

Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...

CVSS 9.8, AI score 1.3, EPSS 0.88767
Exploits: 11

Tenable Nessus
added 2022/11/10 12:0 a.m., 39 views

Scientific Linux Security Update : pcs on SL7.x x86_64 (2022:7343)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7343-1 advisory. - rubygem-rack: crafted requests can cause shell escape sequences CVE-2022-30123 - jquery: Prototype pollution in object's prototype leading to...

CVSS 10, AI score 7.3, EPSS 0.02323
Exploits: 4, References: 3

Rockylinux
added 2022/11/08 6:22 a.m., 15 views

3.1 bug fix and enhancement update

An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in...

AI score 1.9
Exploits: 0

OSV
added 2022/11/07 2:29 p.m., 7 views

SUSE-SU-2022:3890-1 Security update for rubygem-nokogiri

This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. bsc1198408 - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types. bsc1199782...

CVSS 8.2, AI score 7.6, EPSS 0.04183
Exploits: 1, References: 5

Tenable Nessus
added 2022/11/05 12:0 a.m., 28 views

SUSE SLES15 Security Update : rubygem-loofah (SUSE-SU-2022:3868-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3868-1 advisory. - In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4, AI score 6.4, EPSS 0.02332
Exploits: 0, References: 4

OSV
added 2022/11/04 9:8 a.m., 8 views

SUSE-SU-2022:3868-1 Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements bsc1154751...

CVSS 5.4, AI score 5.6, EPSS 0.02332
Exploits: 0, References: 3

OSV
added 2022/11/03 6:26 a.m., 4 views

SUSE-SU-2022:3860-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helpers bsc1199060...

CVSS 6.1, AI score 7.3, EPSS 0.01409
Exploits: 1, References: 3

Oracle linux
added 2022/11/03 12:0 a.m., 46 views

pcs security update

0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery in web-ui - Resolves: rhbz2099578 rhbz2093232 0.9.169-3.el73.1 - Explicitly close libcurl connections to prevent stalled TCP connections in...

CVSS 10, AI score 1.7, EPSS 0.02323
Exploits: 4

Tenable Nessus
added 2022/11/03 12:0 a.m., 34 views

Oracle Linux 7 : pcs (ELSA-2022-7343)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7343 advisory. 0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery i...

CVSS 10, AI score 7, EPSS 0.02323
Exploits: 4, References: 3

RedHat Linux
added 2022/11/02 4:34 p.m., 237 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 10, AI score 7.2, EPSS 0.3466
Exploits: 9, References: 3

RedHat Linux
added 2022/11/02 4:34 p.m., 3 views

rubygem-rack: crafted requests can cause shell escape sequences

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...

CVSS 10, AI score 6.8, EPSS 0.02323
Exploits: 0, References: 5