Test ID:1.3.6.1.4.1.25623.1.1.2.2019.1428
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1428)
Summary:The remote host is missing an update for the Huawei EulerOS 'ruby' package(s) announced via the EulerOS-SA-2019-1428 advisory.
Description:

Vulnerability Insight:
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.(CVE-2012-4466)

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090)

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.(CVE-2013-4287)

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.(CVE-2014-8080)

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4073)

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.(CVE-2012-4522)

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.(CVE-2013-2065)

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ruby' package(s) on Huawei EulerOS Virtualization 3.0.1.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-4464
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
http://www.openwall.com/lists/oss-security/2012/10/02/4
http://www.openwall.com/lists/oss-security/2012/10/03/9
Common Vulnerability Exposure (CVE) ID: CVE-2012-4466
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
Common Vulnerability Exposure (CVE) ID: CVE-2012-4522
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163
http://www.openwall.com/lists/oss-security/2012/10/12/6
http://www.openwall.com/lists/oss-security/2012/10/13/1
http://www.openwall.com/lists/oss-security/2012/10/16/1
RedHat Security Advisories: RHSA-2013:0129
http://rhn.redhat.com/errata/RHSA-2013-0129.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-5371
BugTraq ID: 56484
http://www.securityfocus.com/bid/56484
http://2012.appsec-forum.ch/conferences/#c17
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
http://www.ocert.org/advisories/ocert-2012-001.html
https://www.131002.net/data/talks/appsec12_slides.pdf
http://www.osvdb.org/87280
http://securitytracker.com/id?1027747
http://secunia.com/advisories/51253
http://www.ubuntu.com/usn/USN-1733-1
XForce ISS Database: ruby-hash-function-dos(79993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79993
Common Vulnerability Exposure (CVE) ID: CVE-2013-2065
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
SuSE Security Announcement: openSUSE-SU-2013:1611
http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
http://www.ubuntu.com/usn/USN-2035-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4073
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Debian Security Information: DSA-2738
http://www.debian.org/security/2013/dsa-2738
Debian Security Information: DSA-2809
http://www.debian.org/security/2013/dsa-2809
RedHat Security Advisories: RHSA-2013:1090
http://rhn.redhat.com/errata/RHSA-2013-1090.html
RedHat Security Advisories: RHSA-2013:1103
http://rhn.redhat.com/errata/RHSA-2013-1103.html
RedHat Security Advisories: RHSA-2013:1137
http://rhn.redhat.com/errata/RHSA-2013-1137.html
SuSE Security Announcement: openSUSE-SU-2013:1181
http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html
SuSE Security Announcement: openSUSE-SU-2013:1186
http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html
http://www.ubuntu.com/usn/USN-1902-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4164
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
BugTraq ID: 63873
http://www.securityfocus.com/bid/63873
Debian Security Information: DSA-2810
http://www.debian.org/security/2013/dsa-2810
http://osvdb.org/100113
RedHat Security Advisories: RHSA-2013:1763
http://rhn.redhat.com/errata/RHSA-2013-1763.html
RedHat Security Advisories: RHSA-2013:1764
http://rhn.redhat.com/errata/RHSA-2013-1764.html
RedHat Security Advisories: RHSA-2013:1767
http://rhn.redhat.com/errata/RHSA-2013-1767.html
RedHat Security Advisories: RHSA-2014:0011
http://rhn.redhat.com/errata/RHSA-2014-0011.html
RedHat Security Advisories: RHSA-2014:0215
http://rhn.redhat.com/errata/RHSA-2014-0215.html
http://secunia.com/advisories/55787
http://secunia.com/advisories/57376
SuSE Security Announcement: SUSE-SU-2013:1897
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:1834
http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html
SuSE Security Announcement: openSUSE-SU-2013:1835
http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4287
http://www.openwall.com/lists/oss-security/2013/09/10/1
RedHat Security Advisories: RHSA-2013:1427
http://rhn.redhat.com/errata/RHSA-2013-1427.html
RedHat Security Advisories: RHSA-2013:1441
http://rhn.redhat.com/errata/RHSA-2013-1441.html
RedHat Security Advisories: RHSA-2013:1523
http://rhn.redhat.com/errata/RHSA-2013-1523.html
RedHat Security Advisories: RHSA-2013:1852
http://rhn.redhat.com/errata/RHSA-2013-1852.html
RedHat Security Advisories: RHSA-2014:0207
http://rhn.redhat.com/errata/RHSA-2014-0207.html
http://secunia.com/advisories/55381
Common Vulnerability Exposure (CVE) ID: CVE-2013-4363
http://www.openwall.com/lists/oss-security/2013/09/14/3
http://www.openwall.com/lists/oss-security/2013/09/18/8
http://www.openwall.com/lists/oss-security/2013/09/20/1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4975
BugTraq ID: 68474
http://www.securityfocus.com/bid/68474
Debian Security Information: DSA-3157
http://www.debian.org/security/2015/dsa-3157
http://www.mandriva.com/security/advisories?name=MDVSA-2015:129
http://www.openwall.com/lists/oss-security/2014/07/09/13
RedHat Security Advisories: RHSA-2014:1912
http://rhn.redhat.com/errata/RHSA-2014-1912.html
RedHat Security Advisories: RHSA-2014:1913
http://rhn.redhat.com/errata/RHSA-2014-1913.html
RedHat Security Advisories: RHSA-2014:1914
http://rhn.redhat.com/errata/RHSA-2014-1914.html
http://www.ubuntu.com/usn/USN-2397-1
XForce ISS Database: ruby-cve20144975-bo(94706)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94706
Common Vulnerability Exposure (CVE) ID: CVE-2014-8080
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 70935
http://www.securityfocus.com/bid/70935
Debian Security Information: DSA-3159
http://www.debian.org/security/2015/dsa-3159
RedHat Security Advisories: RHSA-2014:1911
http://rhn.redhat.com/errata/RHSA-2014-1911.html
http://secunia.com/advisories/61607
http://secunia.com/advisories/62050
http://secunia.com/advisories/62748
SuSE Security Announcement: openSUSE-SU-2014:1589
http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html
SuSE Security Announcement: openSUSE-SU-2015:0002
http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html
SuSE Security Announcement: openSUSE-SU-2015:0007
http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-8090
BugTraq ID: 71230
http://www.securityfocus.com/bid/71230
http://secunia.com/advisories/59948
http://www.ubuntu.com/usn/USN-2412-1
Common Vulnerability Exposure (CVE) ID: CVE-2018-8780
BugTraq ID: 103739
http://www.securityfocus.com/bid/103739
Debian Security Information: DSA-4259
https://www.debian.org/security/2018/dsa-4259
https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html
https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
RedHat Security Advisories: RHSA-2018:3729
https://access.redhat.com/errata/RHSA-2018:3729
RedHat Security Advisories: RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3730
RedHat Security Advisories: RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2018:3731
RedHat Security Advisories: RHSA-2019:2028
https://access.redhat.com/errata/RHSA-2019:2028
RedHat Security Advisories: RHSA-2020:0542
https://access.redhat.com/errata/RHSA-2020:0542
RedHat Security Advisories: RHSA-2020:0591
https://access.redhat.com/errata/RHSA-2020:0591
RedHat Security Advisories: RHSA-2020:0663
https://access.redhat.com/errata/RHSA-2020:0663
http://www.securitytracker.com/id/1042004
SuSE Security Announcement: openSUSE-SU-2019:1771
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://usn.ubuntu.com/3626-1/
Copyright:Copyright (C) 2020 Greenbone Networks GmbH
