Download
| Alert*
|
oval:org.secpod.oval:def:52872
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:703718 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:89044784 This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation d ... oval:org.secpod.oval:def:89002928 This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command . - CVE-2016-7798: Fixed an IV Reuse in GCM Mode . - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf ... oval:org.secpod.oval:def:2103546 The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as ... oval:org.secpod.oval:def:2103534 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default val ... |
