Ruby
Mandriva Linux Security Advisory MDVSA-2008:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : July 9, 2008
Affected: 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:142
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : July 9, 2008
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:140
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : July 9, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:226
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : November 6, 2008
Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Kris Katterjohn and many others.
The startup speed of the Metasploit Console and all utilities has been
greatly improved due to performance patches by Yoann Guillot and a
string processing overhaul by James Lee. Metasploit now fully supports
the 1.9.1 version of the Ruby interpreter, clearing the way for support
under a variety of alternate Ruby VMs in the future.
The Windows installation now includes a fully-functional console
interface, using Cygwin and RXVT as a front-end to the framework. The
Windows installer now runs on all supported versions of Windows, from
several hours depending on the targeted application and server performance,
the amplification effect is considerable and requires little bandwidth and
time on the attacker side.
The condition for predictable collisions in the hashing functions has been
reported for the following language implementations: Java, JRuby, PHP, Python,
Rubinius, Ruby. In the case of the Ruby language, the 1.9.x branch is not
affected by the predictable collision condition since this version includes a
randomization of the hashing function.
The vulnerability outlined in this advisory is practically identical to the
iSEC Partners Security Advisory - 2007-006-RubySSL
http://www.isecpartners.com
--------------------------------------------
Ruby Net::HTTPS library does not validate server certificate CN
Vendor: Ruby
Vendor URL: http://www.ruby-lang.org
Versions affected: 1.8.5, 1.8.6, Trunk Ruby
Systems Affected: All Ruby Platforms
________________________________________________________________________
Vendors: PHP, http://www.php.net
Oracle, http://www.oracle.com
Microsoft, http://www.microsoft.com
Python, http://www.python.org
Ruby, http://www.ruby.org
Google, http://www.google.com
Affected Products: PHP 4 and 5
Java
Apache Tomcat
Apache Geronimo
===========================================================
Ubuntu Security Notice USN-651-1 October 10, 2008
ruby1.8 vulnerabilities
CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656,
CVE-2008-3657, CVE-2008-3790, CVE-2008-3905
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby: Multiple vulnerabilities
Date: December 16, 2008
Bugs: #225465, #236060
ID: 200812-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2011:097
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : May 23, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
RubyGnome2 0.16.0
Format String Vulnerability In Gtk::MessageDialog
http://em386.blogspot.com
Ruby Gnome2 is a project to provide GTK2 bindings to ruby scripts so you can write GUI code in less time. There is a format string vulnerability in Gtk::MessageDialog(). This design flaw does not allow for a user-generated string to be safely sent to this function.
It is really just an API to the GTK2 function gtk_message_dialog_new(). Ruby/Gnome2 does not properly use a format specifier for the message variable in ruby-gnome2-all-0.16.0/gtk/src/rbgtkmessagedialog.c as requested by the Gtk man page for this function.
Severity Medium
Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vendor http://www.nginx.net/
http://varnish.projects.linpro.no/
http://www.cherokee-project.com/
http://www.ruby-lang.org/
http://www.acme.com/software/thttpd/
http://www.acme.com/software/mini_httpd/
http://www.orionserver.com/
http://www.aolserver.com/
http://yaws.hyber.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby on Rails: Multiple vulnerabilities
Date: December 20, 2009
Bugs: #200159, #237385, #247549, #276279, #283396, #294797
ID: 200912-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2011:098
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : May 23, 2011
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby: Terminal Control Character Injection
Date: January 14, 2010
Bugs: #300468
ID: 201001-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Product
Rbot (aka Rubybot) is a very powerful and feature rich IRC Bot written
in ruby: "Think of him as a ruby bot framework with a highly modular
design based around plugins." [1]
[1] http://ruby-rbot.org/
The advisory could be found here: http://securenetwork.it/ricerca/advisory/download/SN-2008-02.txt
Secure Network - Security Research Advisory
Vuln name: Ruby rb_ary_fill() DOS
Systems affected: ruby 1.8.x, 1.9.x
Systems not affected: -
Severity: Medium
Local/Remote: Local/Remote
Vendor URL: http://www.ruby-lang.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby: Denial of Service
Date: June 28, 2009
Bugs: #273213
ID: 200906-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2009:325
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : December 7, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
to a Windows system with the 'Flags2' field set to 0xc001 (disabling
security signatures, extended attributes and extended security
negotiation) recording the 8-byte challenges obtained from the server
and waiting for duplicates.
The following Ruby script can be used to test for the presence of this
vulnerability:
<test2_ochoa_2010-0209.rb>
===========================================================
Ubuntu Security Notice USN-596-1 March 26, 2008
ruby1.8 vulnerabilities
CVE-2007-5162, CVE-2007-5770
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-018
Application: Ruby 1.8.6 (WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1)
Versions Affected: Ruby
1.8.4 and all prior versions
1.8.5-p114 and all prior versions
1.8.6-p113 and all prior versions
1.9.0-1 and all prior versions
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby on Rails: Multiple vulnerabilities
Date: November 14, 2007
Bugs: #195315, #182223
ID: 200711-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===========================================================
Ubuntu Security Notice USN-900-1 February 16, 2010
ruby1.9 vulnerabilities
CVE-2009-1904, CVE-2009-4124, CVE-2009-4492
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
Ubuntu 9.04
Mandriva Linux Security Advisory MDVSA-2010:017
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : January 19, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Debian Security Advisory DSA-1410-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 24, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ruby1.8
Vulnerability : programming error
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2007-5162 CVE-2007-5770
Rating: Minor
Exposure Level Classification:
Remote Deterministic Information Exposure
Updated Versions:
ruby=conary.rpath.com@rpl:1/1.8.6_p114-1-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2338
References:
Mandriva Linux Security Advisory MDVSA-2009:193
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : August 5, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Debian Security Advisory DSA-1411-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 24, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libopenssl-ruby
Vulnerability : programming error
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2007-5162 CVE-2007-5770