oval:org.secpod.oval:def:506391
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby30-ruby. Security Fix: * rubygem-bundler: Dependencies of gems with ex ...

oval:org.secpod.oval:def:78161
Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.

oval:org.secpod.oval:def:75887
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source * rubygem-rdoc: Command injectio ...

oval:org.secpod.oval:def:89045814
This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP. - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP.

oval:org.secpod.oval:def:506796
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby26-ruby. Security Fix: * rubygem-bundler: Dependencies of gems with e ...

oval:org.secpod.oval:def:2106685
Oracle Solaris 11 - (CVE-2021-32066)

oval:org.secpod.oval:def:706082
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language. Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:506711
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-rdoc: Command injection vulnerability in RDoc * ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary h ...

oval:org.secpod.oval:def:506699
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source * rubygem-rdoc: Command injectio ...

oval:org.secpod.oval:def:1701769
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private ...

oval:org.secpod.oval:def:1505475
ruby [2.5.9-109.0.1] - Rebuild with a dependency containing fix for Orabug: 33921593 [2.5.9-109] - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 [2.5.9-108] - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability ...

oval:org.secpod.oval:def:89047204
This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP. - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP.

oval:org.secpod.oval:def:1701662
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private ...

oval:org.secpod.oval:def:2500596
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:3301307
SUSE Security Update: Security update for ruby2.5

oval:org.secpod.oval:def:4501152
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source * rubygem-rdoc: Command injectio ...

oval:org.secpod.oval:def:605778
Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.

oval:org.secpod.oval:def:506282
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source * rubygem-rdoc: Command injectio ...

oval:org.secpod.oval:def:74549
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language. Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:2500613
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:4501132
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-rdoc: Command injection vulnerability in RDoc * ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary h ...

oval:org.secpod.oval:def:4501353
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source * rubygem-rdoc: Command injectio ...

oval:org.secpod.oval:def:506344
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby27-ruby. Security Fix: * rubygem-bundler: Dependencies of gems with ex ...

oval:org.secpod.oval:def:2500461
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:1505044
ruby [2.7.4-137] - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz#1986768 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Resolves: rhbz#1986812 - Fix StartTLS stripping vulnerability in Net::IMAP. Resolves: rhbz#1986813 - Upgrad ...

oval:org.secpod.oval:def:89045857
This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick. - CVE-2021-31799: Fixed Command injection vulnerability in RDoc. - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP. - CVE-2021-32066: Fixed StartTLS ...

oval:org.secpod.oval:def:1505543
ruby [2.6.9-108] - Upgrade to Ruby 2.6.9. - Skip JIT tests in RHEL 8. - Fix the issues required to start the "make test-bundler" itself. - Fix Bundler dependency confusion. Resolves: CVE-2020-36327

oval:org.secpod.oval:def:120504
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks. It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:1505469
ruby [2.5.9-109] - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 [2.5.9-108] - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause ...

oval:org.secpod.oval:def:89047475
This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion. - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods. - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP. - CVE-2021-31 ...

oval:org.secpod.oval:def:89046285
This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion. - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods. - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP. - CVE-2021-31 ...