Advertisement
Hi,<\/p>\n
for security reasons i have secunia csi installed.<\/p>\n
csi says ruby is insecure! will there be a new secure version (installed version: 1.9.3.0 / secure version: 1.9.3-p327)?<\/p>\n
![\"ruby_insecure.jpg\"](\"https://us1.discourse-cdn.com/spiceworks/original/4X/e/1/1/e112caf2dd154511ac6b8a8b329213af684aec54.jpeg\")
<\/p>","upvoteCount":1,"answerCount":2,"datePublished":"2012-11-27T06:23:54.000Z","author":{"@type":"Person","name":"helmutjacobi5748","url":"https://community.spiceworks.com/u/helmutjacobi5748"},"acceptedAnswer":{"@type":"Answer","text":"
Only SW themselves can answer this. But something that is important to note is that this is not an open Ruby platform but a component inside of Spiceworks. So while, on one hand, CSI has identified Ruby correctly and it does have a security issue, it has in another way misidentified the package because that is not an installed Ruby instance but a library inside of Spiceworks. So as it has not identified it as a Spiceworks package, it has, to some degree, scanned it incorrectly.<\/p>\n
This is important for two reasons. First, the scan isn’t as valid as it might seem so you have to take its output in context. Second, the security vulnerability is one of the platform and there is no reason to believe that that security issues exists in the context of Spiceworks. So since CSI didn’t scan it as what it was, there is every possibility that there is no vulnerability and no reason for Spiceworks to fix it.<\/p>","upvoteCount":0,"datePublished":"2012-11-27T14:59:25.000Z","url":"https://community.spiceworks.com/t/ruby-insecure/178847/2","author":{"@type":"Person","name":"scottalanmiller","url":"https://community.spiceworks.com/u/scottalanmiller"}},"suggestedAnswer":[{"@type":"Answer","text":"
Hi,<\/p>\n
for security reasons i have secunia csi installed.<\/p>\n
csi says ruby is insecure! will there be a new secure version (installed version: 1.9.3.0 / secure version: 1.9.3-p327)?<\/p>\n
<\/p>","upvoteCount":1,"datePublished":"2012-11-27T06:23:54.000Z","url":"https://community.spiceworks.com/t/ruby-insecure/178847/1","author":{"@type":"Person","name":"helmutjacobi5748","url":"https://community.spiceworks.com/u/helmutjacobi5748"}}]}}
