- CVEs with nessus.description==This update for ruby fixes the following security issues :
- Improve return value checks for OpenSSL function OCSP_basic_verify() to refuse usage of revoked certificates. (CVE-2009-0642)
- Increase entropy of DNS identifiers to avoid spoofing attacks. (CVE-2008-3905)
- Fix denial of service (DoS) vulnerability while parsing XML data. (CVE-2008-3790)
- Fix possible attack on algorithm complexity in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests or by using the regex engine to cause high CPU load. (CVE-2008-3656, CVE-2008-3443)
- Improve ruby's access restriction code. (CVE-2008-3655)
- Improve safe-level handling using function DL.dlopen(). (CVE-2008-3657)
- Improve big decimal handling. (CVE-2009-1904)
- Disable bypassing of HTTP basic authentication (authenticate_with_http_digest).
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |