FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
76562594-1f19-11db-b7d4-0008743bf21aruby -- multiple vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.

  1. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.
  2. An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.

Discovery 2006-07-12
Entry 2006-07-29
Modified 2006-07-30
ruby
ruby_static
gt 1.6.* lt 1.8.*

gt 1.8.* lt 1.8.4_9,1

18944
CVE-2006-3694
http://secunia.com/advisories/21009/
http://jvn.jp/jp/JVN%2383768862/index.html
http://jvn.jp/jp/JVN%2313947696/index.html
76562594-1f19-11db-b7d4-0008743bf21aruby -- multiple vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.

  1. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.
  2. An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.

Discovery 2006-07-12
Entry 2006-07-29
Modified 2006-07-30
ruby
ruby_static
gt 1.6.* lt 1.8.*

gt 1.8.* lt 1.8.4_9,1

18944
CVE-2006-3694
http://secunia.com/advisories/21009/
http://jvn.jp/jp/JVN%2383768862/index.html
http://jvn.jp/jp/JVN%2313947696/index.html
1daea60a-4719-11da-b5c6-0004614cc33druby -- vulnerability in the safe level settings

Ruby home page reports:

The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms: safe level and taint flag on objects.

A vulnerability has been found that allows bypassing these mechanisms.

By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code.


Discovery 2005-10-02
Entry 2005-10-27
ruby
ruby_static
gt 1.6.* lt 1.6.8.2004.07.28_2

gt 1.8.* lt 1.8.2_5

CVE-2005-2337
http://www.ruby-lang.org/en/20051003.html
76562594-1f19-11db-b7d4-0008743bf21aruby -- multiple vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.

  1. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.
  2. An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.

Discovery 2006-07-12
Entry 2006-07-29
Modified 2006-07-30
ruby
ruby_static
gt 1.6.* lt 1.8.*

gt 1.8.* lt 1.8.4_9,1

18944
CVE-2006-3694
http://secunia.com/advisories/21009/
http://jvn.jp/jp/JVN%2383768862/index.html
http://jvn.jp/jp/JVN%2313947696/index.html
1daea60a-4719-11da-b5c6-0004614cc33druby -- vulnerability in the safe level settings

Ruby home page reports:

The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms: safe level and taint flag on objects.

A vulnerability has been found that allows bypassing these mechanisms.

By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code.


Discovery 2005-10-02
Entry 2005-10-27
ruby
ruby_static
gt 1.6.* lt 1.6.8.2004.07.28_2

gt 1.8.* lt 1.8.2_5

CVE-2005-2337
http://www.ruby-lang.org/en/20051003.html