OVAL

DSA-3966-1 ruby2.3 -- ruby2.3

ID: oval:org.secpod.oval:def:603090
Date: (C)2017-09-08   (M)2024-01-29
Class: PATCH
Family: unix




Multiple vulnerabilities were discovered in the interpreter for the Ruby language:

CVE-2015-9096: SMTP command injection in Net::SMTP.
CVE-2016-7798: Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension.
CVE-2017-0900: Denial of service in the RubyGems client.
CVE-2017-0901: Potential file overwrite in the RubyGems client.
CVE-2017-0902: DNS hijacking in the RubyGems client.
CVE-2017-14064: Heap memory disclosure in the JSON library.

Platform:
Debian 9.x
Product:
libruby2.3
ruby2.3
Reference:
DSA-3966-1
CVE-2015-9096
CVE-2016-7798
CVE-2017-0899
CVE-2017-0900
CVE-2017-0901
CVE-2017-0902
CVE-2017-14064
CVE    7
CVE-2016-7798
CVE-2017-0901
CVE-2017-0902
CVE-2017-0899
...
CPE    4
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:9.x
cpe:/a:ruby-lang:ruby2.3
cpe:/o:debian:debian_linux:8.0
...

© SecPod Technologies