156 matches found
Moderate ruby security update
1.8.1-7.EL4.8 - BR tcl-devel and tk-devel instead of tcl and tk. 1.8.1-7.EL4.7 - security fix release. - ruby-1.8.1-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212237 1.8.1-7.EL4.6 - security fixes CVE-2006-3694 - fixed the insecure operations on Di...
Moderate ruby security update
1.8.1-7.EL4.8 - BR tcl-devel and tk-devel instead of tcl and tk. 1.8.1-7.EL4.7 - security fix release. - ruby-1.8.1-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212237 1.8.1-7.EL4.6 - security fixes CVE-2006-3694 - fixed the insecure operations on Di...
Ruby Safe Level security bypass
"alias" can be exploited to replace safe function, directory access protection bypass. Few potentially dangerous methods are not limited...
CentOS 3 / 4 : ruby (CESA-2006:0604)
Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0604-01 Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0604 Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level...
security flaw
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving 1 the alias function and 2 "directory operations"...
CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving 1 the alias function and 2 "directory operations"...
CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving 1 the alias function and 2 "directory operations"...
ruby1.8 vulnerability
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass safe level checks via unspecified vectors involving 1 the alias function and 2 directory operations...
CVE-2006-3694
CVE-2006-3694 refers to multiple vulnerabilities in Ruby prior to 1.8.5 that allow remote attackers to bypass certain security checks. The core issue is a bypass of the interpreter’s safe-level restrictions via unspecified vectors involving (1) the alias function and (2) directory operations, ena...
ruby -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted...
JVN#83768862 Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox
Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...
JVN#13947696 Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.
Impact An attacker may be able to bypass the security model of a server application and change the status of a untained object. Solution Products Affected Ruby 1.8.4-20060516 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...
Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)
The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploite...
Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C...
Debian DSA-864-1 : ruby1.8 - programming error
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...
DSA-864-1 ruby1.8 - programming error
Bulletin has no description...
security flaw
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...