ID de Prueba:	1.3.6.1.4.1.25623.1.0.881652
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ruby CESA-2013:0612 centos6
Resumen:	The remote host is missing an update for the 'ruby'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the referenced advisory. Vulnerability Insight: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. (CVE-2013-1821) It was found that the RHSA-2011:0910 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4481) The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat. All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Affected Software/OS: ruby on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4481 http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 http://www.openwall.com/lists/oss-security/2012/10/05/4 RedHat Security Advisories: RHSA-2013:0129 http://rhn.redhat.com/errata/RHSA-2013-0129.html RedHat Security Advisories: RHSA-2013:0612 http://rhn.redhat.com/errata/RHSA-2013-0612.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1821 BugTraq ID: 58141 http://www.securityfocus.com/bid/58141 Debian Security Information: DSA-2738 (Google Search) http://www.debian.org/security/2013/dsa-2738 Debian Security Information: DSA-2809 (Google Search) http://www.debian.org/security/2013/dsa-2809 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525 https://bugzilla.redhat.com/show_bug.cgi?id=914716 http://www.openwall.com/lists/oss-security/2013/03/06/5 RedHat Security Advisories: RHSA-2013:0611 http://rhn.redhat.com/errata/RHSA-2013-0611.html RedHat Security Advisories: RHSA-2013:1028 http://rhn.redhat.com/errata/RHSA-2013-1028.html RedHat Security Advisories: RHSA-2013:1147 http://rhn.redhat.com/errata/RHSA-2013-1147.html http://secunia.com/advisories/52783 http://secunia.com/advisories/52902 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862 SuSE Security Announcement: SUSE-SU-2013:0609 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html SuSE Security Announcement: SUSE-SU-2013:0647 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html SuSE Security Announcement: openSUSE-SU-2013:0603 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html SuSE Security Announcement: openSUSE-SU-2013:0614 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html http://www.ubuntu.com/usn/USN-1780-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-1005 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html BugTraq ID: 46458 http://www.securityfocus.com/bid/46458 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.openwall.com/lists/oss-security/2011/02/21/2 http://www.openwall.com/lists/oss-security/2011/02/21/5 http://osvdb.org/70957 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://www.redhat.com/support/errata/RHSA-2011-0910.html http://secunia.com/advisories/43420 http://secunia.com/advisories/43573 http://www.vupen.com/english/advisories/2011/0539
Copyright	Copyright (c) 2013 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.