Download
| Alert*
oval:org.secpod.oval:def:1600956
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one chara ... oval:org.secpod.oval:def:2103539 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one chara ... oval:org.secpod.oval:def:115416 Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible. oval:org.secpod.oval:def:51156 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:53455 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If ... oval:org.secpod.oval:def:603562 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If ... oval:org.secpod.oval:def:704372 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:503241 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: HTTP response splitting in WEBrick * ruby: DoS by large request in WEBrick * ruby: Buffer under-read in String#unpack * ruby ... oval:org.secpod.oval:def:89050926 This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-832 ... oval:org.secpod.oval:def:504995 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby25-ruby , rh-ruby25-rubygems , rh-ruby25-rubygem-openssl . Security Fi ... oval:org.secpod.oval:def:504912 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby , rh-ruby23-rubygems . Security Fix: * ruby: OpenSSL::X509::Na ... oval:org.secpod.oval:def:1504304 [2.0.0.648-36] - Introduce "Gem::UserInteraction#verbose" method as precondition to fix CVE-2019-8321. * rubygems-2.3.0-refactor-checking-really_verbose.patch - Fix escape sequence injection vulnerability in verbose. - Fix escape sequence injection vulnerability in gem owner. Resolves: CVE-2019-8322 ... oval:org.secpod.oval:def:205330 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: HTTP response splitting in WEBrick * ruby: DoS by large request in WEBrick * ruby: Buffer under-read in String#unpack * ruby ... oval:org.secpod.oval:def:504880 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby , rh-ruby24-rubygems , rh-ruby24-rubygem-bigdecimal , rh-ruby24 ... oval:org.secpod.oval:def:1700208 It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory. It was found that the ... oval:org.secpod.oval:def:1601180 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, an ... oval:org.secpod.oval:def:2103534 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default val ... oval:org.secpod.oval:def:89002928 This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command . - CVE-2016-7798: Fixed an IV Reuse in GCM Mode . - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf ... |