VARIoT IoT vulnerabilities database

Discus DRG A125G is a wireless router product from Swiss ADB company. An information disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. Discus DRG A125G is vulnerable; other versions may also be affected

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver Portal has a vulnerability in handling GET requests sent through ConfigServlet, allowing remote attackers to execute arbitrary operating system commands using specially crafted requests

There are unspecified security vulnerabilities in multiple TRENDnet products, and no detailed vulnerability details are available. The telnet service for vulnerability related TRENDnet products. The impact of this issue is currently unknown. We will update this BID when more information emerges

Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5998. DES-3800 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in the implementation of SSH. Note that this vulnerability is different from JVN#28812735. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can login using SSH may cause the product to stop responding. The D-Link DES-3800 is a three-layer 100M network managed switch. D-Link DES-3800 Series are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to stop responding, denying service to legitimate users

Unspecified vulnerability in the Web manager implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote attackers to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5997. DES-3800 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in the Web manager function. Note that this vulnerability is different from JVN#65312543. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may cause the product to stop responding. The D-Link DES-3800 is a three-layer 100M network managed switch. D-Link DES-3800 Series are prone to a denial-of-service vulnerability

The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is caused by the failure to correctly process some ICMP packets. Cisco IOS is prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCul29918

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. Following versions are vulnerable: Ruby 1.8 Ruby 1.9 prior to 1.9.3-p484 Ruby 2.0 prior to 2.0.0-p353 Ruby 2.1 prior to 2.1.0 preview2. For the oldstable distribution (squeeze), this problem has been fixed in version 1.9.2.0-2+deb6u2. For the stable distribution (wheezy), this problem has been fixed in version 1.9.3.194-8.1+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 1.9.3.484-1. We recommend that you upgrade your ruby1.9.1 packages. ========================================================================== Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Ruby. (CVE-2013-4164) Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. (CVE-2013-2065) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libruby1.8 1.8.7.358-7ubuntu2.1 libruby1.9.1 1.9.3.194-8.1ubuntu2.1 ruby1.8 1.8.7.358-7ubuntu2.1 ruby1.9.1 1.9.3.194-8.1ubuntu2.1 Ubuntu 13.04: libruby1.8 1.8.7.358-7ubuntu1.2 libruby1.9.1 1.9.3.194-8.1ubuntu1.2 ruby1.8 1.8.7.358-7ubuntu1.2 ruby1.9.1 1.9.3.194-8.1ubuntu1.2 Ubuntu 12.10: libruby1.8 1.8.7.358-4ubuntu0.4 libruby1.9.1 1.9.3.194-1ubuntu1.6 ruby1.8 1.8.7.358-4ubuntu0.4 ruby1.9.1 1.9.3.194-1ubuntu1.6 Ubuntu 12.04 LTS: libruby1.8 1.8.7.352-2ubuntu1.4 libruby1.9.1 1.9.3.0-1ubuntu2.8 ruby1.8 1.8.7.352-2ubuntu1.4 ruby1.9.1 1.9.3.0-1ubuntu2.8 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Ruby: Denial of Service Date: December 13, 2014 Bugs: #355439, #369141, #396301, #437366, #442580, #458776, #492282, #527084, #529216 ID: 201412-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/ruby < 2.0.0_p598 *>= 1.9.3_p551 >= 2.0.0_p598 Description =========== Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Ruby 1.9 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551" All Ruby 2.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598" References ========== [ 1 ] CVE-2011-0188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188 [ 2 ] CVE-2011-1004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004 [ 3 ] CVE-2011-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005 [ 4 ] CVE-2011-4815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815 [ 5 ] CVE-2012-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481 [ 6 ] CVE-2012-5371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371 [ 7 ] CVE-2013-0269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269 [ 8 ] CVE-2013-1821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821 [ 9 ] CVE-2013-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164 [ 10 ] CVE-2014-8080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080 [ 11 ] CVE-2014-8090 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-27.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm 3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm 39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm 0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm 7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm 61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm 7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm 3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz: Upgraded. For more information, see: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ruby-1.9.3_p484-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ruby-1.9.3_p484-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ruby-1.9.3_p484-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.9.3_p484-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.9.3_p484-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.1 package: a9c7fc1b752d9dbebf729639768f0ff9 ruby-1.9.3_p484-i486-1_slack13.1.txz Slackware x86_64 13.1 package: b78129d604ac455d1b28d54f28c2742a ruby-1.9.3_p484-x86_64-1_slack13.1.txz Slackware 13.37 package: b195b07dff2bea6a3c4ad26686ed2bfe ruby-1.9.3_p484-i486-1_slack13.37.txz Slackware x86_64 13.37 package: a24d37e579ec1756896fabe5c158a83a ruby-1.9.3_p484-x86_64-1_slack13.37.txz Slackware 14.0 package: 334fab8b88a0474b7ddd551c3f945492 ruby-1.9.3_p484-i486-1_slack14.0.txz Slackware x86_64 14.0 package: ad5cc7610fd06dae0bcae1b89c8b9659 ruby-1.9.3_p484-x86_64-1_slack14.0.txz Slackware 14.1 package: 74555154cbd4bac223f6121f30821f1f ruby-1.9.3_p484-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 172e5c26ed18318e28668820e36ac0a0 ruby-1.9.3_p484-x86_64-1_slack14.1.txz Slackware -current package: b865aec63c8a52ad041ea3d7b6febfda d/ruby-1.9.3_p484-i486-1.txz Slackware x86_64 -current package: 9ddaa67e1d06d2d37eda294b749ff91d d/ruby-1.9.3_p484-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ruby-1.9.3_p484-i486-1_slack14.1.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: ruby security update Advisory ID: RHSA-2013:1764-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1764.html Issue date: 2013-11-25 CVE Names: CVE-2013-4164 ===================================================================== 1. Summary: Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. (CVE-2013-4164) All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm i386: ruby-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-irb-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-rdoc-1.8.7.352-13.el6.i686.rpm x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm i386: ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-docs-1.8.7.352-13.el6.i686.rpm ruby-ri-1.8.7.352-13.el6.i686.rpm ruby-static-1.8.7.352-13.el6.i686.rpm ruby-tcltk-1.8.7.352-13.el6.i686.rpm x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm i386: ruby-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-irb-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-rdoc-1.8.7.352-13.el6.i686.rpm ppc64: ruby-1.8.7.352-13.el6.ppc64.rpm ruby-debuginfo-1.8.7.352-13.el6.ppc.rpm ruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm ruby-devel-1.8.7.352-13.el6.ppc.rpm ruby-devel-1.8.7.352-13.el6.ppc64.rpm ruby-irb-1.8.7.352-13.el6.ppc64.rpm ruby-libs-1.8.7.352-13.el6.ppc.rpm ruby-libs-1.8.7.352-13.el6.ppc64.rpm ruby-rdoc-1.8.7.352-13.el6.ppc64.rpm s390x: ruby-1.8.7.352-13.el6.s390x.rpm ruby-debuginfo-1.8.7.352-13.el6.s390.rpm ruby-debuginfo-1.8.7.352-13.el6.s390x.rpm ruby-devel-1.8.7.352-13.el6.s390.rpm ruby-devel-1.8.7.352-13.el6.s390x.rpm ruby-irb-1.8.7.352-13.el6.s390x.rpm ruby-libs-1.8.7.352-13.el6.s390.rpm ruby-libs-1.8.7.352-13.el6.s390x.rpm ruby-rdoc-1.8.7.352-13.el6.s390x.rpm x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm i386: ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-docs-1.8.7.352-13.el6.i686.rpm ruby-ri-1.8.7.352-13.el6.i686.rpm ruby-static-1.8.7.352-13.el6.i686.rpm ruby-tcltk-1.8.7.352-13.el6.i686.rpm ppc64: ruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm ruby-docs-1.8.7.352-13.el6.ppc64.rpm ruby-ri-1.8.7.352-13.el6.ppc64.rpm ruby-static-1.8.7.352-13.el6.ppc64.rpm ruby-tcltk-1.8.7.352-13.el6.ppc64.rpm s390x: ruby-debuginfo-1.8.7.352-13.el6.s390x.rpm ruby-docs-1.8.7.352-13.el6.s390x.rpm ruby-ri-1.8.7.352-13.el6.s390x.rpm ruby-static-1.8.7.352-13.el6.s390x.rpm ruby-tcltk-1.8.7.352-13.el6.s390x.rpm x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm i386: ruby-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-irb-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-rdoc-1.8.7.352-13.el6.i686.rpm x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm i386: ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-docs-1.8.7.352-13.el6.i686.rpm ruby-ri-1.8.7.352-13.el6.i686.rpm ruby-static-1.8.7.352-13.el6.i686.rpm ruby-tcltk-1.8.7.352-13.el6.i686.rpm x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4164.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSk6BNXlSAg2UNWIIRAlZiAKDAAPRSZ1H9cccz0veRzTeGoeJjcACcCB69 P78u5S2/0ZOC5eh3GKqWcx0= =VMn2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP Web Application Server is a web application service program. The input passed to SAP Portal lacks correct validation before being used to redirect users, allowing attackers to build malicious URIs, enticing users to resolve, redirecting user communications to any WEB site, and performing phishing attacks

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP NetWeaver Web Application Server has an error in the HSTI_UPLOAD_XML function when parsing XML entities, allowing restricted management commands to be sent to the gateway or message server via a specially crafted XML document containing external entity references

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. This case " Cross frame scripting (XFS)" Vulnerability related to the problem. The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. The vulnerability is due to insufficient protection of HTML sub-frames, allowing attackers to build malicious HTML sub-frames, enticing user parsing, and performing clickjacking or other client browser attacks. Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCuf77821

The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. Vendors have confirmed this vulnerability Bug ID CSCuh81880 It is released as.Skillfully crafted by a third party to induce buffer overread CAPWAP Service disruption via packets (DoS) There is a possibility of being put into a state. The vulnerability is caused by insufficient data packet verification, which allows a remote attacker to exploit a vulnerability to send a specially crafted CAPWAP message to the Cisco WLC. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuh81880

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh04949

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit the vulnerability to reload the affected device. This issue is being tracked by Cisco Bug ID CSCue22345

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Catapult Software DNP3 Driver is a power-related industrial control software. The Catapult Software DNP3 drivers used by GE iFIX and CIMPLICITY products fail to properly verify input, allowing local attackers to exploit vulnerabilities to bring software into an infinite loop, crashing the process, and requiring a reboot to get normal functionality. Local attackers can exploit this issue to force the application to enter into an infinite loop, causing denial-of-service conditions

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Catapult Software DNP3 Driver is a power-related industrial control software. Attackers can exploit this issue to force the application to enter into an infinite loop, causing denial-of-service conditions

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012 Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. The oldstable distribution (squeeze) is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2. For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. An attacker could use this vulnerability to cause a denial of service. Attackers can exploit these issues to cause denial-of-service conditions

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection. An attacker could use this vulnerability to cause a denial of service. Attackers can exploit these issues to cause denial-of-service conditions

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687. An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. This issue being tracked by Cisco Bug ID CSCug65687. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures