VYPR

rpm package

suse/ruby2.1&distro=SUSE Enterprise Storage 5

pkg:rpm/suse/ruby2.1&distro=SUSE%20Enterprise%20Storage%205

Vulnerabilities (42)

  • CVE-2016-7798HigJan 30, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

  • CVE-2016-2339CriJan 6, 2017
    affected < 2.1.9-19.3.2fixed 2.1.9-19.3.2

    An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of

Page 3 of 3