ArchLinux: 201512-11: ruby: unsafe tainted string usage
Summary
There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi.
Resolution
Upgrade to 2.2.4-1.
# pacman -Syu "ruby>=2.2.4-1"
The problem has been fixed upstream in version 2.2.4.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551 https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
Workaround
None.