Test ID:	1.3.6.1.4.1.25623.1.0.841638
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2035-1)
Summary:	The remote host is missing an update for the 'ruby1.8, ruby1.9.1' package(s) announced via the USN-2035-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ruby1.8, ruby1.9.1' package(s) announced via the USN-2035-1 advisory. Vulnerability Insight: Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-4164) Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. (CVE-2013-2065) Affected Software/OS: 'ruby1.8, ruby1.9.1' package(s) on Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.04, Ubuntu 13.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2065 FEDORA-2013-8375 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html FEDORA-2013-8411 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html FEDORA-2013-8738 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html USN-2035-1 http://www.ubuntu.com/usn/USN-2035-1 https://puppet.com/security/cve/cve-2013-2065 https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/ openSUSE-SU-2013:1611 http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4164 http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html BugTraq ID: 63873 http://www.securityfocus.com/bid/63873 Debian Security Information: DSA-2809 (Google Search) http://www.debian.org/security/2013/dsa-2809 Debian Security Information: DSA-2810 (Google Search) http://www.debian.org/security/2013/dsa-2810 http://osvdb.org/100113 RedHat Security Advisories: RHSA-2013:1763 http://rhn.redhat.com/errata/RHSA-2013-1763.html RedHat Security Advisories: RHSA-2013:1764 http://rhn.redhat.com/errata/RHSA-2013-1764.html RedHat Security Advisories: RHSA-2013:1767 http://rhn.redhat.com/errata/RHSA-2013-1767.html RedHat Security Advisories: RHSA-2014:0011 http://rhn.redhat.com/errata/RHSA-2014-0011.html RedHat Security Advisories: RHSA-2014:0215 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://secunia.com/advisories/55787 http://secunia.com/advisories/57376 SuSE Security Announcement: SUSE-SU-2013:1897 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:1834 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html SuSE Security Announcement: openSUSE-SU-2013:1835 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.