Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702738
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)
Summary:Several vulnerabilities have been discovered in the interpreter for;the Ruby language, which may lead to denial of service and other;security problems. The Common Vulnerabilities and Exposures project;identifies the following problems:;;CVE-2013-1821;Ben Murphy discovered that unrestricted entity expansion in REXML;can lead to a Denial of Service by consuming all host memory.;;CVE-2013-4073;William (B.J.) Snow Orvis discovered a vulnerability in the hostname;checking in Ruby's SSL client that could allow man-in-the-middle;attackers to spoof SSL servers via valid certificate issued by a;trusted certification authority.
Description:Summary:
Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2013-1821
Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.

CVE-2013-4073
William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via valid certificate issued by a
trusted certification authority.

Affected Software/OS:
ruby1.9.1 on Debian Linux

Solution:
For the oldstable distribution (squeeze), these problems have been fixed in
version 1.9.2.0-2+deb6u1.

For the stable distribution (wheezy), these problems have been fixed in
version 1.9.3.194-8.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.3.194-8.2.

We recommend that you upgrade your ruby1.9.1 packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1821
BugTraq ID: 58141
http://www.securityfocus.com/bid/58141
Debian Security Information: DSA-2738 (Google Search)
http://www.debian.org/security/2013/dsa-2738
Debian Security Information: DSA-2809 (Google Search)
http://www.debian.org/security/2013/dsa-2809
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
https://bugzilla.redhat.com/show_bug.cgi?id=914716
http://www.openwall.com/lists/oss-security/2013/03/06/5
RedHat Security Advisories: RHSA-2013:0611
http://rhn.redhat.com/errata/RHSA-2013-0611.html
RedHat Security Advisories: RHSA-2013:0612
http://rhn.redhat.com/errata/RHSA-2013-0612.html
RedHat Security Advisories: RHSA-2013:1028
http://rhn.redhat.com/errata/RHSA-2013-1028.html
RedHat Security Advisories: RHSA-2013:1147
http://rhn.redhat.com/errata/RHSA-2013-1147.html
http://secunia.com/advisories/52783
http://secunia.com/advisories/52902
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
SuSE Security Announcement: SUSE-SU-2013:0609 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
SuSE Security Announcement: SUSE-SU-2013:0647 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2013:0603 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0614 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
http://www.ubuntu.com/usn/USN-1780-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4073
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
RedHat Security Advisories: RHSA-2013:1090
http://rhn.redhat.com/errata/RHSA-2013-1090.html
RedHat Security Advisories: RHSA-2013:1103
http://rhn.redhat.com/errata/RHSA-2013-1103.html
RedHat Security Advisories: RHSA-2013:1137
http://rhn.redhat.com/errata/RHSA-2013-1137.html
SuSE Security Announcement: openSUSE-SU-2013:1181 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html
SuSE Security Announcement: openSUSE-SU-2013:1186 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html
http://www.ubuntu.com/usn/USN-1902-1
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.