9 matches found

SUSE CVE
added 2023/02/15 4:24 a.m. | 2 views

SUSE CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

4.8 CVSS | 7 AI score | 0.03126 EPSS
Exploits: 0 | References: 9
RedHat Linux
added 2020/07/07 10:30 a.m. | 2 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1 CVSS | 7.3 AI score | 0.03126 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/06/30 12:12 p.m. | 1 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1 CVSS | 7.3 AI score | 0.03126 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2019/08/06 12:40 p.m. | 3 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1 CVSS | 7.3 AI score | 0.03126 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2018/11/29 10:23 a.m. | 3 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1 CVSS | 7.3 AI score | 0.03126 EPSS
Exploits: 0 | References: 5
UbuntuCve
added 2018/10/26 12:0 a.m. | 24 views

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1 CVSS | 6.8 AI score | 0.03126 EPSS
Exploits: 0 | References: 3
OSV
added 2017/04/06 9:39 a.m. | 7 views

SUSE-SU-2017:0948-1 Security update for ruby

This update for ruby fixes the following issues: Security issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification bsc926974 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 Bugfixes: - fix small mistake in the backport for bsc986630...

8.4 CVSS | 6 AI score | 0.0272 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2013/05/30 12:0 a.m. | 32 views

Fedora 17 : ruby-1.9.3.429-30.fc17 (2013-8411)

A vulnerability was found in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. This vulnerability has been assigned the CVE identifier CVE-2013-2065. This rpm will fix this issue. Note that Tenable Network Security has extracted the...

6.4 CVSS | 7.6 AI score | 0.00679 EPSS
Exploits: 1 | References: 3
RedHat Linux
added 2013/02/28 6:53 p.m. | 1 views

ruby: safe level bypass via name_err_mesg_to_str()

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than...

5 CVSS | 7.2 AI score | 0.02121 EPSS
Exploits: 2 | References: 4