Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0909)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122141

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2011-0909)

Resumen: The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2011-0909 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2011-0909 advisory.

Vulnerability Insight:
[1.8.5-19.el5_6.1]
- Address CVE-2011-1004 'Symlink race condition by removing directory trees in
fileutils module'
* ruby-1.8.7-CVE-2011-1004.patch
- Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings'
* ruby-1.8.7-CVE-2011-1005.patch
- Address CVE-2011-0188 'memory corruption in BigDecimal on 64bit platforms'
* ruby-1.8.7-CVE-2011-0188.patch
- Address CVE-CVE-2010-0541 'Ruby WEBrick javascript injection flaw'
* ruby-1.8.7-CVE-2010-0541.patch
- Address CVE-CVE-2009-4492 'ruby WEBrick log escape sequence'
* ruby-1.8.6-CVE-2009-4492.patch
- Resolves: rhbz#709957

Affected Software/OS:
'ruby' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4492
BugTraq ID: 37710
http://www.securityfocus.com/bid/37710
Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search)
http://www.securityfocus.com/archive/1/508830/100/0/threaded
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
http://www.redhat.com/support/errata/RHSA-2011-0908.html
http://www.redhat.com/support/errata/RHSA-2011-0909.html
http://securitytracker.com/id?1023429
http://secunia.com/advisories/37949
http://www.vupen.com/english/advisories/2010/0089
Common Vulnerability Exposure (CVE) ID: CVE-2010-0541
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
BugTraq ID: 40895
http://www.securityfocus.com/bid/40895
http://www.mandriva.com/security/advisories?name=MDVSA-2011:097
http://www.mandriva.com/security/advisories?name=MDVSA-2011:098
http://secunia.com/advisories/40220
http://www.vupen.com/english/advisories/2010/1481
Common Vulnerability Exposure (CVE) ID: CVE-2011-0188
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://www.redhat.com/support/errata/RHSA-2011-0910.html
http://www.securitytracker.com/id?1025236
Common Vulnerability Exposure (CVE) ID: CVE-2011-1004
43434
http://secunia.com/advisories/43434
43573
http://secunia.com/advisories/43573
46460
http://www.securityfocus.com/bid/46460
70958
http://osvdb.org/70958
ADV-2011-0539
http://www.vupen.com/english/advisories/2011/0539
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
FEDORA-2011-1876
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html
FEDORA-2011-1913
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html
MDVSA-2011:097
RHSA-2011:0909
RHSA-2011:0910
[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE
http://www.openwall.com/lists/oss-security/2011/02/21/2
[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE
http://www.openwall.com/lists/oss-security/2011/02/21/5
http://support.apple.com/kb/HT5281
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
https://bugzilla.redhat.com/show_bug.cgi?id=678913
Common Vulnerability Exposure (CVE) ID: CVE-2011-1005
43420
http://secunia.com/advisories/43420
46458
http://www.securityfocus.com/bid/46458
70957
http://osvdb.org/70957
MDVSA-2011:098
RHSA-2011:0908
http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
https://bugzilla.redhat.com/show_bug.cgi?id=678920

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122141
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2011-0909)
Resumen:	The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2011-0909 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2011-0909 advisory. Vulnerability Insight: [1.8.5-19.el5_6.1] - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' * ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings' * ruby-1.8.7-CVE-2011-1005.patch - Address CVE-2011-0188 'memory corruption in BigDecimal on 64bit platforms' * ruby-1.8.7-CVE-2011-0188.patch - Address CVE-CVE-2010-0541 'Ruby WEBrick javascript injection flaw' * ruby-1.8.7-CVE-2010-0541.patch - Address CVE-CVE-2009-4492 'ruby WEBrick log escape sequence' * ruby-1.8.6-CVE-2009-4492.patch - Resolves: rhbz#709957 Affected Software/OS: 'ruby' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4492 BugTraq ID: 37710 http://www.securityfocus.com/bid/37710 Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search) http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.ush.it/team/ush/hack_httpd_escape/adv.txt http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://securitytracker.com/id?1023429 http://secunia.com/advisories/37949 http://www.vupen.com/english/advisories/2010/0089 Common Vulnerability Exposure (CVE) ID: CVE-2010-0541 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 BugTraq ID: 40895 http://www.securityfocus.com/bid/40895 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2011-0188 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://www.redhat.com/support/errata/RHSA-2011-0910.html http://www.securitytracker.com/id?1025236 Common Vulnerability Exposure (CVE) ID: CVE-2011-1004 43434 http://secunia.com/advisories/43434 43573 http://secunia.com/advisories/43573 46460 http://www.securityfocus.com/bid/46460 70958 http://osvdb.org/70958 ADV-2011-0539 http://www.vupen.com/english/advisories/2011/0539 APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html FEDORA-2011-1876 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html FEDORA-2011-1913 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html MDVSA-2011:097 RHSA-2011:0909 RHSA-2011:0910 [oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE http://www.openwall.com/lists/oss-security/2011/02/21/2 [oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE http://www.openwall.com/lists/oss-security/2011/02/21/5 http://support.apple.com/kb/HT5281 http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ https://bugzilla.redhat.com/show_bug.cgi?id=678913 Common Vulnerability Exposure (CVE) ID: CVE-2011-1005 43420 http://secunia.com/advisories/43420 46458 http://www.securityfocus.com/bid/46458 70957 http://osvdb.org/70957 MDVSA-2011:098 RHSA-2011:0908 http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/ https://bugzilla.redhat.com/show_bug.cgi?id=678920
Copyright	Copyright (C) 2015 Greenbone AG