English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59355
Category:Fedora Local Security Checks
Title:Fedora Core 5 FEDORA-2006-849 (ruby)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to ruby
announced via advisory FEDORA-2006-849.

Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.


* Thu Jul 20 2006 Akira TAGOH - 1.8.4-8
- security fixes [CVE-2006-3694]
- ruby-1.8.4-fix-insecure-dir-operation.patch:
- ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
operations in the certain safe-level restrictions. (#199538)
- ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
safe-level restrictions. (#199543)
* Mon Jun 19 2006 Akira TAGOH - 1.8.4-7.fc5
- fixed the wrong file list again. moved tcltk library into ruby-tcltk.
(#195872)
* Thu Jun 8 2006 Akira TAGOH - 1.8.4-5.fc5
- ruby-deprecated-search-path.patch: applied to add more search path
for backward compatibility.
- added byacc to BuildReq.
- exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided
and buildsys became much stricter.
* Wed May 17 2006 Akira TAGOH - 1.8.4-4.fc5
- correct sitelibdir. (#184198)
- ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby
and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs.
so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to
the kind of /usr/lib/ruby now. (#184199)
- ruby-deprecated-search-path.patch: added the deprecated installation paths
to the search path for the backward compatibility.
- added a Provides: ruby(abi) to ruby-libs.
- ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack(l)
not working on 64bit arch and integer overflow on template w. (#189350)
- updated License tag to be more comfortable, and with a pointer to get more
details, like Python package does. (#179933)
- clean up.

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2006-849

Risk factor : High

CVSS Score:
6.4

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3694
BugTraq ID: 18944
http://www.securityfocus.com/bid/18944
Debian Security Information: DSA-1139 (Google Search)
http://www.debian.org/security/2006/dsa-1139
Debian Security Information: DSA-1157 (Google Search)
http://www.debian.org/security/2006/dsa-1157
http://jvn.jp/jp/JVN%2313947696/index.html
http://jvn.jp/jp/JVN%2383768862/index.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:134
http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html
http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html
http://www.osvdb.org/27144
http://www.osvdb.org/27145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983
http://www.redhat.com/support/errata/RHSA-2006-0604.html
http://secunia.com/advisories/21009
http://secunia.com/advisories/21233
http://secunia.com/advisories/21236
http://secunia.com/advisories/21272
http://secunia.com/advisories/21337
http://secunia.com/advisories/21598
http://secunia.com/advisories/21657
http://secunia.com/advisories/21749
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
SuSE Security Announcement: SUSE-SR:2006:021 (Google Search)
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://www.ubuntu.com/usn/usn-325-1
http://www.vupen.com/english/advisories/2006/2760
XForce ISS Database: ruby-alias-directory-security-bypass(27725)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27725
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.