ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0440
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0440)
Resumen:	The remote host is missing an update for the 'jruby' package(s) announced via the MGASA-2020-0440 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jruby' package(s) announced via the MGASA-2020-0440 advisory. Vulnerability Insight: Response Splitting attack in the HTTP server of WEBrick (CVE-2017-17742). Delete directory using symlink when decompressing tar (CVE-2019-8320). Escape sequence injection vulnerability in verbose (CVE-2019-8321). Escape sequence injection vulnerability in gem owner (CVE-2019-8322). Escape sequence injection vulnerability in API response handling (CVE-2019-8323). Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324). Escape sequence injection vulnerability in errors (CVE-2019-8325). Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication (CVE-2019-16201). HTTP Response Splitting attack in the HTTP server of WEBrick (CVE-2019-16254). Code injection vulnerability (CVE-2019-16255). A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with jruby) was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to 'smuggle' a request (CVE-2020-25613). Affected Software/OS: 'jruby' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 8.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-17742 BugTraq ID: 103684 http://www.securityfocus.com/bid/103684 Debian Security Information: DSA-4259 (Google Search) https://www.debian.org/security/2018/dsa-4259 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html RedHat Security Advisories: RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3729 RedHat Security Advisories: RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3730 RedHat Security Advisories: RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3731 RedHat Security Advisories: RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2019:2028 http://www.securitytracker.com/id/1042004 SuSE Security Announcement: openSUSE-SU-2019:1771 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://usn.ubuntu.com/3685-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-16201 Bugtraq: 20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update (Google Search) https://seclists.org/bugtraq/2019/Dec/32 Bugtraq: 20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update (Google Search) https://seclists.org/bugtraq/2019/Dec/31 Debian Security Information: DSA-4587 (Google Search) https://www.debian.org/security/2019/dsa-4587 https://security.gentoo.org/glsa/202003-06 https://hackerone.com/reports/661722 https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html https://www.oracle.com/security-alerts/cpujan2020.html SuSE Security Announcement: openSUSE-SU-2020:0395 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html Common Vulnerability Exposure (CVE) ID: CVE-2019-16254 Debian Security Information: DSA-4586 (Google Search) https://www.debian.org/security/2019/dsa-4586 https://hackerone.com/reports/331984 Common Vulnerability Exposure (CVE) ID: CVE-2019-16255 https://hackerone.com/reports/327512 Common Vulnerability Exposure (CVE) ID: CVE-2019-8320 https://hackerone.com/reports/317321 RedHat Security Advisories: RHSA-2019:1429 https://access.redhat.com/errata/RHSA-2019:1429 Common Vulnerability Exposure (CVE) ID: CVE-2019-8321 https://hackerone.com/reports/317330 Common Vulnerability Exposure (CVE) ID: CVE-2019-8322 https://hackerone.com/reports/315087 Common Vulnerability Exposure (CVE) ID: CVE-2019-8323 https://hackerone.com/reports/315081 Common Vulnerability Exposure (CVE) ID: CVE-2019-8324 https://hackerone.com/reports/328571 RedHat Security Advisories: RHSA-2019:1972 https://access.redhat.com/errata/RHSA-2019:1972 Common Vulnerability Exposure (CVE) ID: CVE-2019-8325 https://hackerone.com/reports/317353 Common Vulnerability Exposure (CVE) ID: CVE-2020-25613 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/ https://security.gentoo.org/glsa/202401-27 https://hackerone.com/reports/965267
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.