Test ID:	1.3.6.1.4.1.25623.1.0.122548
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2008-0897)
Summary:	The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2008-0897 advisory.
Description:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2008-0897 advisory. Vulnerability Insight: [1.8.5-5.el5_2.5] - Build with -fno-strict-aliasing. [1.8.5-5.el5_2.4] - security fixes. (#461590) - CVE-2008-3655: multiple insufficient safe mode restrictions. - CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption). - CVE-2008-3657: missing taintness checks in dl module. - CVE-2008-3905: use of predictable source port and transaction id in DNS requests done by resolv.rb module. - CVE-2008-3443: Memory allocation failure in Ruby regex engine (remotely exploitable DoS). - CVE-2008-3790: DoS vulnerability in the REXML module. Affected Software/OS: 'ruby' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1145 1019562 http://www.securitytracker.com/id?1019562 20080306 Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability http://www.securityfocus.com/archive/1/489218/100/0/threaded 20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability http://www.securityfocus.com/archive/1/489205/100/0/threaded 20080325 rPSA-2008-0123-1 ruby http://www.securityfocus.com/archive/1/490056/100/0/threaded 28123 http://www.securityfocus.com/bid/28123 29232 http://secunia.com/advisories/29232 29357 http://secunia.com/advisories/29357 29536 http://secunia.com/advisories/29536 30802 http://secunia.com/advisories/30802 31687 http://secunia.com/advisories/31687 32371 http://secunia.com/advisories/32371 5215 https://www.exploit-db.com/exploits/5215 ADV-2008-0787 http://www.vupen.com/english/advisories/2008/0787 ADV-2008-1981 http://www.vupen.com/english/advisories/2008/1981/references APPLE-SA-2008-06-30 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html FEDORA-2008-2443 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html FEDORA-2008-2458 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html MDVSA-2008:141 http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 MDVSA-2008:142 http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 RHSA-2008:0897 http://www.redhat.com/support/errata/RHSA-2008-0897.html SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html VU#404515 http://www.kb.cert.org/vuls/id/404515 http://support.apple.com/kb/HT2163 http://wiki.rpath.com/Advisories:rPSA-2008-0123 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ https://issues.rpath.com/browse/RPL-2338 oval:org.mitre.oval:def:10937 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 ruby-webrick-directory-traversal(41010) https://exchange.xforce.ibmcloud.com/vulnerabilities/41010 Common Vulnerability Exposure (CVE) ID: CVE-2008-3443 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 30682 http://www.securityfocus.com/bid/30682 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1695 (Google Search) http://www.debian.org/security/2009/dsa-1695 https://www.exploit-db.com/exploits/6239 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570 http://www.redhat.com/support/errata/RHSA-2008-0895.html http://www.securitytracker.com/id?1021075 http://secunia.com/advisories/31430 http://secunia.com/advisories/32165 http://secunia.com/advisories/32219 http://secunia.com/advisories/32372 http://secunia.com/advisories/33185 http://secunia.com/advisories/33398 http://secunia.com/advisories/35074 http://securityreason.com/securityalert/4158 https://usn.ubuntu.com/651-1/ https://usn.ubuntu.com/691-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: ruby-regex-dos(44688) https://exchange.xforce.ibmcloud.com/vulnerabilities/44688 Common Vulnerability Exposure (CVE) ID: CVE-2008-3655 BugTraq ID: 30644 http://www.securityfocus.com/bid/30644 Bugtraq: 20080831 rPSA-2008-0264-1 ruby (Google Search) http://www.securityfocus.com/archive/1/495884/100/0/threaded Debian Security Information: DSA-1651 (Google Search) http://www.debian.org/security/2008/dsa-1651 Debian Security Information: DSA-1652 (Google Search) http://www.debian.org/security/2008/dsa-1652 http://security.gentoo.org/glsa/glsa-200812-17.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602 http://www.securitytracker.com/id?1020656 http://secunia.com/advisories/31697 http://secunia.com/advisories/32255 http://secunia.com/advisories/32256 http://secunia.com/advisories/33178 http://www.vupen.com/english/advisories/2008/2334 XForce ISS Database: ruby-safelevel-security-bypass(44369) https://exchange.xforce.ibmcloud.com/vulnerabilities/44369 Common Vulnerability Exposure (CVE) ID: CVE-2008-3656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682 http://www.securitytracker.com/id?1020654 XForce ISS Database: ruby-webrick-dos(44371) https://exchange.xforce.ibmcloud.com/vulnerabilities/44371 Common Vulnerability Exposure (CVE) ID: CVE-2008-3657 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793 http://www.securitytracker.com/id?1020652 XForce ISS Database: ruby-dl-security-bypass(44372) https://exchange.xforce.ibmcloud.com/vulnerabilities/44372 Common Vulnerability Exposure (CVE) ID: CVE-2008-3790 BugTraq ID: 30802 http://www.securityfocus.com/bid/30802 http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca http://www.openwall.com/lists/oss-security/2008/08/25/4 http://www.openwall.com/lists/oss-security/2008/08/26/1 http://www.openwall.com/lists/oss-security/2008/08/26/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393 http://www.securitytracker.com/id?1020735 http://secunia.com/advisories/31602 http://www.vupen.com/english/advisories/2008/2428 http://www.vupen.com/english/advisories/2008/2483 XForce ISS Database: ruby-rexml-dos(44628) https://exchange.xforce.ibmcloud.com/vulnerabilities/44628 Common Vulnerability Exposure (CVE) ID: CVE-2008-3905 BugTraq ID: 31699 http://www.securityfocus.com/bid/31699 http://www.openwall.com/lists/oss-security/2008/09/03/3 http://www.openwall.com/lists/oss-security/2008/09/04/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034 http://secunia.com/advisories/32948 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754 XForce ISS Database: ruby-resolv-dns-spoofing(45935) https://exchange.xforce.ibmcloud.com/vulnerabilities/45935
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.