Sat, Jul 26th, 07:14 UTC
Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application, if that application performs array or string operations on untrusted input. It was also discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without restricting the maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application, if that application uses long, untrusted strings as format strings. Fixed packages are available from updates.redhat.com.
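The second flaw above only matters when attacker-controlled text is used as the format string itself. The following is an added example, not code from the advisory or from Ruby: modern interpreters no longer use alloca() in String#%, but an untrusted format string still drives the format parser, and malformed or argument-hungry directives raise ArgumentError, which is still a crash of the request or process if unhandled. MAX_MESSAGE_LEN and the hostile inputs are constructed for the example.

```ruby
# Unsafe pattern: the untrusted value IS the format string, so the attacker
# chooses the directives the parser has to satisfy.
def render_unsafe(untrusted)
  untrusted % []
end

# Assumed application limit on message size; not a Ruby or advisory value.
MAX_MESSAGE_LEN = 4096

# Safe pattern: the format string is a constant and the untrusted value is
# only ever an argument, so "%n" or "%s%s%s%s" in it is just text.
def render_safe(untrusted)
  raise ArgumentError, "message too long" if untrusted.bytesize > MAX_MESSAGE_LEN
  "message: %s" % [untrusted]
end

# True when treating the string as a format string makes Ruby raise, i.e.
# when the unsafe pattern would have crashed on this input.
def format_attack?(untrusted)
  render_unsafe(untrusted)
  false
rescue ArgumentError, KeyError
  true
end

# Constructed attacker inputs: an unknown directive, more conversions than
# arguments, a named reference with no hash, and an oversized field width.
HOSTILE_INPUTS = ["%n", "%s%s%s%s", "%{missing}", "%" + ("9" * 40) + "d"].freeze
```

The length cap in render_safe is the belt-and-braces half of the fix; the real fix is that untrusted data never reaches the format parser as a format string.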
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. Fixed packages are available from security.debian.org.
Ruby is an interpreted scripting language for object-oriented programming. An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, so a valid certificate for any host was accepted for every host, possibly allowing a man-in-the-middle attack. Fixed packages are available from updates.redhat.com.
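The missing check in the two advisories above is the identity check: after the chain verifies, the host name the client asked for has to match the certificate, taking subjectAltName dNSName entries first and falling back to the subject CN only when the certificate carries no SAN. The following is an added example, not code from the Red Hat or Debian advisories or from the Net modules themselves. The certificates are self-signed and built in memory for the example; the host name passed to hardened_https is a placeholder and no connection is made.

```ruby
require 'openssl'
require 'net/http'

# Build a self-signed certificate for the example (constructed, not real).
# cn is the subject CN; sans is a list of DNS names for subjectAltName.
def make_cert(cn, sans = [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509v3, required for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless sans.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    cert.add_extension(ef.create_extension("subjectAltName",
                                           sans.map { |h| "DNS:#{h}" }.join(","),
                                           false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The check the vulnerable Net modules skipped: does this certificate name
# the host we asked for? Ruby's openssl library exposes it directly.
def identity_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Two constructed certificates: one with only a CN, one with SANs whose CN
# must be ignored (a SAN-bearing certificate is matched on SAN only).
CN_ONLY_CERT = make_cert("www.example.test")
SAN_CERT     = make_cert("ignored-cn.example.test",
                         ["api.example.test", "*.cdn.example.test"])

# A Net::HTTP client set up so the chain is verified against the system
# trust store and, with VERIFY_PEER, Net::HTTP itself runs the identity
# check after the handshake. Built but not connected here.
def hardened_https(host, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store  = OpenSSL::X509::Store.new.tap(&:set_default_paths)
  http
end
```

The SAN_CERT case is the one that trips people up: once a certificate carries DNS SANs, the CN is not consulted at all, so a client that only compares the CN will reject valid certificates, and a client that compares neither accepts anything.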
A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. Fixed packages are available from security.debian.org.
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. It was discovered that the use of blocking sockets can lead to denial of service. It was discovered that Ruby does not properly maintain "safe levels" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions. Fixed packages are available from security.debian.org.
It was discovered that the interpreter for the Ruby language does not properly maintain "safe levels" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions. Fixed packages are available from security.debian.org.
Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. Fixed packages are available from updates.redhat.com.
Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its xmlrpc and http servers. The servers use a blocking socket, which enables a remote user to cause a denial of service condition if they are able to transmit a large volume of information to the network server. Fixed packages are available from updates.redhat.com.
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that allows malicious program code to bypass the safe-level and taint-flag protection checks and be executed. Fixed packages are available from security.debian.org.
Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby handles eval statements. It is possible for a malicious script to call eval in such a way that certain safe-level restrictions are bypassed. Fixed packages are available from updates.redhat.com.
Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC server is launched in a certain way, it becomes possible for a remote attacker to execute arbitrary commands within the XMLRPC server. Fixed packages are available from updates.redhat.com.
A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server. Fixed packages are available from security.debian.org.
Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in the CGI module of Ruby. If empty data is sent by the POST method to a CGI script that expects the MIME type multipart/form-data, the module can get stuck in a loop. A remote attacker could trigger this flaw and cause a denial of service. Fixed packages are available from updates.redhat.com.
The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus make the program consume CPU cycles indefinitely. Fixed packages are available from security.debian.org.
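The two CGI advisories above describe the same failure mode: a multipart reader that keeps looping when the body is empty or ends before the closing boundary. The following is an added example, not Ruby's cgi.rb or the upstream fix. It is a small multipart/form-data reader in which every loop reads through IO#gets and treats the nil that gets returns at end of input as an error to report rather than a condition to retry, so an empty or truncated POST cannot spin the parser. MAX_PARTS and the sample bodies are constructed for the example.

```ruby
require 'stringio'

# Assumed per-request limit on the number of parts; not a Ruby default.
MAX_PARTS = 64

# Parse a multipart/form-data body into { field_name => data }.
# Raises ArgumentError on empty, boundary-less or truncated input.
def parse_multipart(body, boundary)
  raise ArgumentError, "empty body" if body.nil? || body.empty?
  raise ArgumentError, "missing boundary" if boundary.nil? || boundary.empty?
  delim = "--#{boundary}"
  io    = StringIO.new(body)
  parts = {}

  # The body must open with the delimiter; anything else is not multipart.
  first = io.gets
  raise ArgumentError, "missing opening boundary" unless first && first.chomp == delim

  loop do
    raise ArgumentError, "too many parts" if parts.size >= MAX_PARTS

    # Part headers run until a blank line; EOF before that is a truncated part.
    headers = {}
    line = nil
    while (line = io.gets)
      line = line.chomp
      break if line.empty?
      key, value = line.split(":", 2)
      raise ArgumentError, "malformed header: #{line.inspect}" if value.nil?
      headers[key.strip.downcase] = value.strip
    end
    raise ArgumentError, "truncated part headers" if line.nil?

    disposition = headers["content-disposition"]
    raise ArgumentError, "missing Content-Disposition" unless disposition
    name = disposition[/name="([^"]*)"/, 1]
    raise ArgumentError, "missing field name" unless name

    # Part data runs until the next delimiter; EOF before that is truncated.
    data = String.new
    terminator = nil
    while (line = io.gets)
      stripped = line.chomp
      if stripped == delim
        terminator = :more
        break
      elsif stripped == "#{delim}--"
        terminator = :end
        break
      end
      data << line
    end
    raise ArgumentError, "truncated part body" if terminator.nil?

    # The line ending just before a delimiter belongs to the delimiter.
    data = data.end_with?("\r\n") ? data[0...-2] : data.chomp("\n")
    parts[name] = data
    break if terminator == :end
  end
  parts
end

# True when the parser rejects the input instead of hanging or returning junk.
def rejects?(body, boundary)
  parse_multipart(body, boundary)
  false
rescue ArgumentError
  true
end

# Constructed sample requests: one well-formed, one cut off before the
# closing delimiter.
SAMPLE_BOUNDARY = "XyZ"
SAMPLE_BODY = "--XyZ\r\n" \
  "Content-Disposition: form-data; name=\"user\"\r\n\r\nalice\r\n" \
  "--XyZ\r\n" \
  "Content-Disposition: form-data; name=\"note\"\r\n\r\nhello\r\nworld\r\n" \
  "--XyZ--\r\n"
TRUNCATED_BODY = "--XyZ\r\nContent-Disposition: form-data; name=\"a\"\r\n\r\nx\r\n"
```

The structural point is that each loop has exactly two exits, a delimiter or end of input, and end of input is always an error path, never a reason to read again.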
Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world readable files that could allow a malicious local user the ability to read CGI session data. Fixed packages are available from updates.redhat.com.
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This allows an attacker who also has shell access to the webserver to take over a session. Fixed packages are available from security.debian.org.
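The fix for the two FileStore advisories above is at the point of file creation. The following is an added example, not the CGI::Session code from the advisories: it puts the weak pattern (open with "w" and inherit whatever the umask leaves, typically 0644) beside a store that asks for owner-only permissions when the file is created and uses O_EXCL so that a file or symlink planted at that path by another local user makes the open fail instead of being written through. SESSION_DIR is a temporary directory created for the example.

```ruby
require 'tmpdir'
require 'securerandom'

# Constructed location for the example; a real store would use a fixed,
# non-world-writable directory owned by the web server user.
SESSION_DIR = Dir.mktmpdir("sess")

# Session ids are generated by us, so anything that is not 32 hex digits is
# an attempt to reach outside the store (e.g. "../").
def session_path(sid)
  raise ArgumentError, "bad session id" unless sid.match?(/\A[0-9a-f]{32}\z/)
  File.join(SESSION_DIR, sid)
end

def new_session_id
  SecureRandom.hex(16)
end

# Weak pattern, as in the advisory: the mode is whatever the umask leaves.
# With the common 022 umask that is 0644, readable by every local account.
def store_session_weak(sid, data)
  File.open(session_path(sid), "w") { |f| f.write(data) }
end

# Hardened pattern: 0600 requested at creation (the umask can only remove
# bits, never add them), O_EXCL so an existing file or symlink at the path
# is an error, and an explicit fchmod in case an unusual umask stripped the
# owner bits too.
def store_session(sid, data)
  path = session_path(sid)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.chmod(0o600)
    f.write(data)
  end
  path
end

def session_mode(path)
  File.stat(path).mode & 0o777
end

def world_readable?(path)
  (session_mode(path) & 0o004) != 0
end
```

Rewriting an existing session has to go through a fresh temporary file plus rename under the same rules; reopening the old path with O_EXCL fails by design, which is the behaviour that stops a planted symlink from redirecting the write.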
Templates are a valuable tool in any programmer's toolkit. I'm not talking about C++ templates, in which new concrete classes are created by replacing variable types within a template class. I'm talking about text templates, in which a string contains markers for replacement items, which are replaced with values. [Comments are disabled]
Many Ruby programmers learned the language from Andrew Hunt and Dave Thomas's excellent "Programming Ruby: The Pragmatic Programmer's Guide". For over a year, it was the only English language Ruby book available. Now, Hal Fulton's "The Ruby Way" comes at just the right time for those of us ready to move up to the next level. [Comments are disabled]