Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-35)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120218

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-35)

Resumen: The remote host is missing an update for the 'ruby' package(s) announced via the ALAS-2012-35 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ruby' package(s) announced via the ALAS-2012-35 advisory.

Vulnerability Insight:
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected Software/OS:
'ruby' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4815
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
RedHat Security Advisories: RHSA-2012:0069
http://rhn.redhat.com/errata/RHSA-2012-0069.html
RedHat Security Advisories: RHSA-2012:0070
http://rhn.redhat.com/errata/RHSA-2012-0070.html
http://www.securitytracker.com/id?1026474
http://secunia.com/advisories/47405
http://secunia.com/advisories/47822
XForce ISS Database: ruby-hash-dos(72020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120218
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-35)
Resumen:	The remote host is missing an update for the 'ruby' package(s) announced via the ALAS-2012-35 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the ALAS-2012-35 advisory. Vulnerability Insight: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Affected Software/OS: 'ruby' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4815 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 http://jvn.jp/en/jp/JVN90615481/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606 RedHat Security Advisories: RHSA-2012:0069 http://rhn.redhat.com/errata/RHSA-2012-0069.html RedHat Security Advisories: RHSA-2012:0070 http://rhn.redhat.com/errata/RHSA-2012-0070.html http://www.securitytracker.com/id?1026474 http://secunia.com/advisories/47405 http://secunia.com/advisories/47822 XForce ISS Database: ruby-hash-dos(72020) https://exchange.xforce.ibmcloud.com/vulnerabilities/72020
Copyright	Copyright (C) 2015 Greenbone AG