
Test ID: 1.3.6.1.4.1.25623.1.1.10.2017.0482
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2017-0482)
Summary: The remote host is missing an update for the 'ruby-RubyGems' package(s) announced via the MGASA-2017-0482 advisory.
Description:
Summary:
The remote host is missing an update for the 'ruby-RubyGems' package(s) announced via the MGASA-2017-0482 advisory.

Vulnerability Insight:
An ANSI escape sequence vulnerability (CVE-2017-0899).

A DoS vulnerability in the query command (CVE-2017-0900).

A vulnerability in the gem installer that allowed a malicious gem to
overwrite arbitrary files (CVE-2017-0901).

A DNS request hijacking vulnerability (CVE-2017-0902).

An unsafe object deserialization vulnerability that allows an attacker
to inject an instance of an object of their choosing in the target
system. A clever attacker can inject an object that is able to interact
with the system in such a way that will allow the attacker to execute
arbitrary code (CVE-2017-0903).

Affected Software/OS:
'ruby-RubyGems' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-0899
BugTraq ID: 100576
http://www.securityfocus.com/bid/100576
Debian Security Information: DSA-3966
https://www.debian.org/security/2017/dsa-3966
https://security.gentoo.org/glsa/201710-01
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1
https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491
https://hackerone.com/reports/226335
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
RedHat Security Advisories: RHSA-2017:3485
https://access.redhat.com/errata/RHSA-2017:3485
RedHat Security Advisories: RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0378
RedHat Security Advisories: RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0583
RedHat Security Advisories: RHSA-2018:0585
https://access.redhat.com/errata/RHSA-2018:0585
http://www.securitytracker.com/id/1039249
Common Vulnerability Exposure (CVE) ID: CVE-2017-0900
BugTraq ID: 100579
http://www.securityfocus.com/bid/100579
https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251
https://hackerone.com/reports/243003
Common Vulnerability Exposure (CVE) ID: CVE-2017-0901
BugTraq ID: 100580
http://www.securityfocus.com/bid/100580
https://www.exploit-db.com/exploits/42611/
https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
https://hackerone.com/reports/243156
https://usn.ubuntu.com/3553-1/
https://usn.ubuntu.com/3685-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-0902
BugTraq ID: 100586
http://www.securityfocus.com/bid/100586
https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32
https://hackerone.com/reports/218088
Common Vulnerability Exposure (CVE) ID: CVE-2017-0903
BugTraq ID: 101275
http://www.securityfocus.com/bid/101275
Debian Security Information: DSA-4031
https://www.debian.org/security/2017/dsa-4031
http://blog.rubygems.org/2017/10/09/2.6.14-released.html
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
https://hackerone.com/reports/274990
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.