186 matches found

Tenable Nessus
added 2019/08/27 12:00 a.m. · 35 views

Scientific Linux Security Update : ruby on SL7.x x86_64 (20190806)

Security Fixes: - ruby: HTTP response splitting in WEBrick CVE-2017-17742 - ruby: DoS by large request in WEBrick CVE-2018-8777 - ruby: Buffer under-read in String#unpack CVE-2018-8778 - ruby: Unintentional directory traversal by poisoned NULL byte in Dir CVE-2018-8780 - ruby: Tainted flags are n...

CVSS 9.8 · AI score 7.2 · EPSS 0.10552
Exploits 0 · References 15
Tenable Nessus
added 2019/08/12 12:00 a.m. · 52 views

RHEL 7 : ruby (RHSA-2019:2028)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2028 advisory. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system...

CVSS 9.8 · AI score 7.3 · EPSS 0.10552
Exploits 0 · References 34
RedHat Linux
added 2019/08/06 12:40 p.m. · 66 views

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 9.8 · AI score 7.1 · EPSS 0.10552
Exploits 0 · References 18
Veracode
added 2019/05/02 5:29 a.m. · 25 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system...

CVSS 7 · AI score 6.4 · EPSS 0.0123
Exploits 0 · References 36 · Affected Software 1
RedHat Linux
added 2018/11/29 10:23 a.m. · 1 view

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open Ruby methods did not handle the NULL byte properly. An attacker able to inject NULL bytes into the socket path could possibly trigger unspecified behavior of the Ruby script...

CVSS 7.5 · AI score 7.3 · EPSS 0.07169
Exploits 0 · References 5
Tenable Nessus
added 2018/08/02 12:00 a.m. · 49 views

Debian DSA-4259-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could...

CVSS 9.8 · AI score 6.9 · EPSS 0.73927
Exploits 6 · References 18
OpenVAS
added 2018/07/30 12:00 a.m. · 68 views

Debian: Security Advisory (DSA-4259-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.8 · EPSS 0.73927
Exploits 6 · References 4
Tenable Nessus
added 2018/04/24 12:00 a.m. · 80 views

Debian DLA-1358-1 : ruby1.9.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...

CVSS 9.8 · AI score 6.9 · EPSS 0.10552
Exploits 0 · References 12
Tenable Nessus
added 2018/03/30 12:00 a.m. · 52 views

FreeBSD : ruby -- multiple vulnerabilities (eb69bcf2-18ef-4aa2-bb0c-83b263364089)

Ruby news: CVE-2017-17742: HTTP response splitting in WEBrick. If a script accepts external input and outputs it without modification as part of an HTTP response, an attacker can use newline characters to deceive clients into believing the HTTP response header ends there, and can inject fak...

CVSS 9.1 · AI score 6.4 · EPSS 0.10552
Exploits 0 · References 16
Slackware Linux
added 2018/03/29 10:43 p.m. · 79 views

[slackware-security] ruby

New ruby packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ruby-2.2.10-i586-1slack14.2.txz: Upgraded. This release includes some bug fixes and some security fixes: HTTP response splitting in...

CVSS 9.1 · AI score 8 · EPSS 0.10552
Exploits 0
FreeBSD
added 2018/03/28 12:00 a.m. · 53 views

ruby -- multiple vulnerabilities

Ruby news: CVE-2017-17742: HTTP response splitting in WEBrick. If a script accepts external input and outputs it without modification as part of an HTTP response, an attacker can use newline characters to deceive clients into believing the HTTP response header ends there, and can inject fake...

CVSS 9.1 · AI score 7.6 · EPSS 0.10552
Exploits 0 · References 9
RubySec
added 2018/03/28 12:00 a.m. · 30 views

Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket

There is an unintentional socket creation vulnerability in the UNIXServer.open method of the socket library bundled with Ruby, and an unintentional socket access vulnerability in the UNIXSocket.open method. UNIXServer.open accepts the path of the socket to be created as its first parameter. If th...

CVSS 7.5 · AI score 6.7 · EPSS 0.07169
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2016/11/03 8:06 a.m. · 4 views

kernel: IPv6 connect causes DoS via NULL pointer dereference

A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system...

CVSS 7 · AI score 7 · EPSS 0.0123
Exploits 0 · References 4
OSV
added 2016/06/13 2:59 p.m. · 4 views

DEBIAN-CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket...

CVSS 5.3 · AI score 6.5 · EPSS 0.03018
Exploits 0 · References 1
RedHat Linux
added 2016/05/10 6:43 p.m. · 2 views

kernel: IPv6 connect causes DoS via NULL pointer dereference

A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system...

CVSS 7 · AI score 7 · EPSS 0.0123
Exploits 0 · References 4
Positive Technologies
added 2015/10/05 12:00 a.m. · 5 views

PT-2015-6831 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.2.3. Description: The issue is related to an incorrect sequence of protocol-initialization steps in the sctp_init function, which can cause a denial of service, resulting in a panic or memory corruption. This c...

CVSS 10 · AI score 7.3 · EPSS 0.2593
Exploits 72 · References 480
seebug.org
added 2014/07/01 12:00 a.m. · 17 views

Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9379/info KpyM Telnet Server has been reported to be prone to a remote denial of service vulnerability. Due to a lack of resource limitations, a remote attacker may negotiate multiple connections to the affected server...

AI score 7.1
Exploits 0
seebug.org
added 2008/11/07 12:00 a.m. · 44 views

e-Vision CMS <= 2.0.2 Multiple Local File Inclusion Exploit

No description provided by source. ?php errorreporting0; iniset"defaultsockettimeout",5; / e-Vision = 2.0.2 Multiple Local File Inclusion Exploit ------------------------------------------------------- by athos - download http://sourceforge.net...

AI score 7.1
Exploits 0
OpenVAS
added 2008/04/07 12:00 a.m. · 9 views

Debian Security Advisory DSA 1531-1 (policyd-weight)

The remote host is missing an update to policyd-weight announced via advisory DSA 1531-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

CVSS 3.3 · AI score 6.4 · EPSS 0.0043
Exploits 1 · References 1
OSV
added 2008/03/31 10:44 p.m. · 1 view

DEBIAN-CVE-2008-1569

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...

CVSS 3.3 · AI score 6.2 · EPSS 0.0043
Exploits 1 · References 1