Arch Linux: ASA-201512-11 Low: Ruby Unsafe String Issue Detected
Dec 17, 2015
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package ruby before version 2.2.4-1 is vulnerable to unsafe tainted string usage.
Arch Linux Security Advisory ASA-201512-11 ========================================= Severity: Low Date : 2015-12-17 CVE-ID : CVE-2015-7551 Package : ruby Type : unsafe tainted string usage Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package ruby before version 2.2.4-1 is vulnerable to unsafe tainted string usage. Resolution ========= Upgrade to 2.2.4-1. # pacman -Syu "ruby>=2.2.4-1" The problem has been fixed upstream in version 2.2.4. Workaround ========= None. Description ========== There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. Impact ===== A remote attacker is able to open a library via Fiddle with tainted library name if passed from an untrusted input. References ========= https://www.cve.org/CVERecord?id=CVE-2015-7551 https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!