9 matches found
MiracleLinux 7 : ruby-2.0.0.648-36.el7 (AXSA:2019-4276:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4276:03 advisory. ruby: HTTP response splitting in WEBrick CVE-2017-17742 ruby: DoS by large request in WEBrick CVE-2018-8777 ruby: Buffer under-read in Stringunpack...
Moderate: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
CentOS 7 : ruby (CESA-2019:2028)
An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Scientific Linux Security Update : ruby on SL7.x x86_64 (20190806)
Security Fixes : - ruby: HTTP response splitting in WEBrick CVE-2017-17742 - ruby: DoS by large request in WEBrick CVE-2018-8777 - ruby: Buffer under-read in Stringunpack CVE-2018-8778 - ruby: Unintentional directory traversal by poisoned NULL byte in Dir CVE-2018-8780 - ruby: Tainted flags are n...
Moderate: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Debian DLA-1558-1 : ruby2.1 security update
CVE-2018-16395 Fix for OpenSSL::X509::Name equality check. CVE-2018-16396 Tainted flags are not propagated in Arraypack and Stringunpack with some directives. For Debian 8 'Jessie', these problems have been fixed in version 2.1.5-2+deb8u6. We recommend that you upgrade your ruby2.1 packages. NOTE...
[SECURITY] [DLA 1558-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u6 CVE ID : CVE-2018-16395 CVE-2018-16396 CVE-2018-16395 Fix for OpenSSL::X509::Name equality check. CVE-2018-16396 Tainted flags are not propagated in Arraypack and Stringunpack with some directives. For Debian 8 "Jessie", these problems have been fixed in...
MGASA-2018-0411 Updated ruby packages fix security vulnerability
Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick CVE-2017-17742. Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10 might allow...
ruby -- multiple vulnerabilities
Ruby news: CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equali...