Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0129)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123753

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2013-0129)

Resumen: The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2013-0129 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2013-0129 advisory.

Vulnerability Insight:
[1.8.5-27]
- unintentional file creation caused by inserting an illegal NUL character
* ruby-1.8.6-CVE-2012-4522-io.c-pipe_open-command-name-should-not-contain-null-.patch
- Related: rhbz#867750

[1.8.5-26]
- escaping vulnerability about Exception#to_s / NameError#to_s
* ruby-1.8.7-p371-CVE-2012-4481.patch
- Resolves: rhbz#867750
- unintentional file creation caused by inserting an illegal NUL character
* ruby-1.8.6-CVE-2012-4522-io.c-rb_open_file-should-check-NUL-in-path.patch
- Resolves: rhbz#867750

[1.8.5-25]
- Resolve buffer overflow causing gem installation issues.
* ruby-1.8.7-syck-avoid-buffer-overflow.patch
- Resolves: rhbz#834381

Affected Software/OS:
'ruby' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4481
MDVSA-2013:124
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
RHSA-2013:0129
http://rhn.redhat.com/errata/RHSA-2013-0129.html
RHSA-2013:0612
http://rhn.redhat.com/errata/RHSA-2013-0612.html
[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
http://www.openwall.com/lists/oss-security/2012/10/05/4
https://bugzilla.redhat.com/show_bug.cgi?id=863484
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
Common Vulnerability Exposure (CVE) ID: CVE-2012-4522
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163
http://www.openwall.com/lists/oss-security/2012/10/12/6
http://www.openwall.com/lists/oss-security/2012/10/13/1
http://www.openwall.com/lists/oss-security/2012/10/16/1
RedHat Security Advisories: RHSA-2013:0129

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123753
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-0129)
Resumen:	The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2013-0129 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2013-0129 advisory. Vulnerability Insight: [1.8.5-27] - unintentional file creation caused by inserting an illegal NUL character * ruby-1.8.6-CVE-2012-4522-io.c-pipe_open-command-name-should-not-contain-null-.patch - Related: rhbz#867750 [1.8.5-26] - escaping vulnerability about Exception#to_s / NameError#to_s * ruby-1.8.7-p371-CVE-2012-4481.patch - Resolves: rhbz#867750 - unintentional file creation caused by inserting an illegal NUL character * ruby-1.8.6-CVE-2012-4522-io.c-rb_open_file-should-check-NUL-in-path.patch - Resolves: rhbz#867750 [1.8.5-25] - Resolve buffer overflow causing gem installation issues. * ruby-1.8.7-syck-avoid-buffer-overflow.patch - Resolves: rhbz#834381 Affected Software/OS: 'ruby' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4481 MDVSA-2013:124 http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 RHSA-2013:0129 http://rhn.redhat.com/errata/RHSA-2013-0129.html RHSA-2013:0612 http://rhn.redhat.com/errata/RHSA-2013-0612.html [oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects http://www.openwall.com/lists/oss-security/2012/10/05/4 https://bugzilla.redhat.com/show_bug.cgi?id=863484 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294 Common Vulnerability Exposure (CVE) ID: CVE-2012-4522 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163 http://www.openwall.com/lists/oss-security/2012/10/12/6 http://www.openwall.com/lists/oss-security/2012/10/13/1 http://www.openwall.com/lists/oss-security/2012/10/16/1 RedHat Security Advisories: RHSA-2013:0129
Copyright	Copyright (C) 2015 Greenbone AG