Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -8 articles for you...
200

Scientific Linux: CVE-2011-2686 Moderate: Ruby Security Issues

Moderate: ruby security update. Date: Mon, 30 Jan 2012 08:37:07 -0600 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Informative Announcement for SL4.x Less Than 1 Month End Of Life Notice MIME-Version: 1.0 In accordance with our Upstream Vendor's Errata Support Policy, the regular life-cycle of Scientific Linux 4 will end in February 2012. After this date, The Upstream Vendor will discontinue the regular update services. We must follow them in this matter. Therefore, new bug fix, enhancement, and security errata updates will no longer be available for Scientific Linux 4 after the End of Life date. They will not be providing updates and so we cannot provide them. Anyone still running production workloads on Scientific Linux 4 are advised to begin upgrading to Scientific Linux 5 or 6. Upstream recommends a reinstall and not an upgrade. Please be advised that we also believe that a clean reinstall is the preferred method for moving from Scientific Linux 4 to a newer version. We will continue to provide updates as they become available to us for Scientific Linux 4. Again, this is a reminder of the coming end of life for Scientific Linux 4 in February 2012. - Scientific Linux Development Team Date: Mon, 30 Jan 2012 15:54:11 -0600 Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it. Sender: Security Errata for Scientific Linux From: This email address is being protected from spambots. You need JavaScript enabled to view it. Subject: Security ERRATA Moderate: ruby on SL4.x, SL5.x i386/x86_64 Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it. Synopsis: Moderate: ruby security update Issue Date: 2012-01-30 CVE Numbers: CVE-2011-2686 CVE-2011-4815 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) thatare used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815) It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. SL4: i386 irb-1.8.1-18.el4.i386.rpm ruby-1.8.1-18.el4.i386.rpm ruby-debuginfo-1.8.1-18.el4.i386.rpm ruby-devel-1.8.1-18.el4.i386.rpm ruby-docs-1.8.1-18.el4.i386.rpm ruby-libs-1.8.1-18.el4.i386.rpm ruby-mode-1.8.1-18.el4.i386.rpm ruby-tcltk-1.8.1-18.el4.i386.rpm x86_64 irb-1.8.1-18.el4.x86_64.rpm ruby-1.8.1-18.el4.x86_64.rpm ruby-debuginfo-1.8.1-18.el4.i386.rpm ruby-debuginfo-1.8.1-18.el4.x86_64.rpm ruby-devel-1.8.1-18.el4.x86_64.rpm ruby-docs-1.8.1-18.el4.x86_64.rpm ruby-libs-1.8.1-18.el4.i386.rpm ruby-libs-1.8.1-18.el4.x86_64.rpm ruby-mode-1.8.1-18.el4.x86_64.rpm ruby-tcltk-1.8.1-18.el4.x86_64.rpm SL5: i386 ruby-1.8.5-22.el5_7.1.i386.rpm ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm ruby-devel-1.8.5-22.el5_7.1.i386.rpm ruby-docs-1.8.5-22.el5_7.1.i386.rpm ruby-irb-1.8.5-22.el5_7.1.i386.rpm ruby-libs-1.8.5-22.el5_7.1.i386.rpm ruby-mode-1.8.5-22.el5_7.1.i386.rpm ruby-rdoc-1.8.5-22.el5_7.1.i386.rpm ruby-ri-1.8.5-22.el5_7.1.i386.rpm ruby-tcltk-1.8.5-22.el5_7.1.i386.rpm x86_64 ruby-1.8.5-22.el5_7.1.x86_64.rpm ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm ruby-debuginfo-1.8.5-22.el5_7.1.x86_64.rpm ruby-devel-1.8.5-22.el5_7.1.i386.rpm ruby-devel-1.8.5-22.el5_7.1.x86_64.rpm ruby-docs-1.8.5-22.el5_7.1.x86_64.rpm ruby-irb-1.8.5-22.el5_7.1.x86_64.rpm ruby-libs-1.8.5-22.el5_7.1.i386.rpm ruby-libs-1.8.5-22.el5_7.1.x86_64.rpm ruby-mode-1.8.5-22.el5_7.1.x86_64.rpm ruby-rdoc-1.8.5-22.el5_7.1.x86_64.rpm ruby-ri-1.8.5-22.el5_7.1.x86_64.rpm ruby-tcltk-1.8.5-22.el5_7.1.x86_64.rpm - Scientific Linux Development Team . A balanced ruby upgrade targeting denial of service vulnerabilities and protection concerns has been released for Scientific Linux versions 4 and 5.. Scientific Linux Ruby Update, Moderate Security Advisory, Ruby Denial of Service. . LinuxSecurity.com Team

Calendar%202 Jan 30, 2012 Scientific Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200