Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby)

from [OpenPKG] Network Security [Permanent Link]
Subject: [OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby)
Date: Fri, 28 Jul 2006 13:06:19 +0200 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security/                  http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2006.016                                          28-Jul-2006
________________________________________________________________________

Package:             ruby
Vulnerability:       unspecified
OpenPKG Specific:    no

Affected Releases:   Affected Packages:       Corrected Packages:
OpenPKG CURRENT      <= ruby-1.8.4-20051225   >= ruby-1.8.4-20060728
OpenPKG 2-STABLE     <= ruby-1.8.4-2.20060622 >= ruby-1.8.4-2.20060728
OpenPKG 2.5-RELEASE  <= ruby-1.8.3-2.5.0      >= ruby-1.8.3-2.5.1

Description:
  Multiple unspecified vulnerabilities in the Ruby [1] programming
  language allow remote attackers to bypass "safe level" checks via
  unspecified vectors involving the "alias" function, directory
  operations and regular expressions. The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CVE-2006-3694 [2] to the
  problem.
________________________________________________________________________

References:
  [1] http://www.ruby-lang.org/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFEye69gHWT4GPEy58RAlmgAJ9P8zeezBNr1xP9386nwqOorWmqXQCg399h
4hF/HhtXEwInVpUubs57GcQ=
=Lq1J
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby), OpenPKG <=
Previous by Date:  Portail PHP v1.7 Remote File Include, Meftun
Next by Date:  [Full-disclosure] Oracle 10g R2 and, probably, all previous versions, Russell Lowenthal
Previous by Thread:  Portail PHP v1.7 Remote File Include, Meftun
Next by Thread:  [Full-disclosure] Oracle 10g R2 and, probably, all previous versions, Russell Lowenthal
Indexes:  [Date] [Thread] [Top] [All Lists]