146 matches found
[SECURITY] [DSA 4031-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4031-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4031-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : ruby24 (ALAS-2017-915)
Arbitrary heap exposure during a JSON.generate call Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte,...
Medium: ruby24
Issue Overview: Arbitrary heap exposure during a JSON.generate call Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...
Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...
MGASA-2017-0371 Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...
Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)
SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session...
Medium: ruby22, ruby23
Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...
Debian DLA-1113-1 : ruby1.8 security update
Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence injection vulnerability in the Basic authentication of WEBrick For Debian 7 'Wheezy', these problems have been...
Debian DLA-1114-1 : ruby1.9.1 security update
Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0899 ANSI escape sequence vulnerability CVE-2017-0900 DOS vulernerability in the query command CVE-2017-0901 gem installer allows a malicious gem to overwri...
[SECURITY] [DLA 1114-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u6 CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Debian Bug : 873802 873906 875928 875931 875936 Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buff...
[SECURITY] [DLA 1113-1] ruby1.8 security update
Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u4 CVE ID : CVE-2017-0898 CVE-2017-10784 Debian Bug : 875931 875936 Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence...
FreeBSD : ruby -- multiple vulnerabilities (95b01379-9d52-11e7-a25c-471bafc3262f)
Ruby blog : CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...
CVE-2017-14033
It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service...
ruby -- multiple vulnerabilities
Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...
Buffer underrun vulnerability in Kernel.sprintf
There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...
Buffer underrun vulnerability in Kernel.sprintf
There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...
Buffer underrun vulnerability in OpenSSL ASN1 decode
There is a buffer underrun vulnerability in OpenSSL bundled by Ruby. If a malicious string is passed to the decode method of OpenSSL::ASN1, buffer underrun may be caused and the Ruby interpreter may crash. All users running an affected release should either upgrade or use one of the workarounds...
SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2016:3189-1)
This update for xorg-x11-libs fixes the following issues : - insufficient validation of data from the X server can cause a one byte buffer read underrun bsc1003023, CVE-2016-7953 - insufficient validation of data from the X server can cause out of boundary memory access or endless loops Denial of...