Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian: DSA-3157-1 Urgent: Ruby 1.9.1 Buffer Overflow Vulnerability

debian
Calendar Grey February 9, 2015
Scroller Debian
Tackling important challenges in the Ruby compiler via Ubuntu revisions seeks to improve overall performance and safeguard integrity.
Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975

Summary

Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:

CVE-2014-4975

The encodes() function in pack.c had an off-by-one error that could
lead to a stack-based buffer overflow. This could allow remote
attackers to cause a denial of service (crash) or arbitrary code
execution.

CVE-2014-8080, CVE-2014-8090

The REXML parser could be coerced into allocating large string
objects that could consume all available memory on the system. This
could allow remote attackers to cause a denial of service (crash).

For the stable distribution (wheezy), these problems have been fixed in
version 1.9.3.194-8.1+deb7u3.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 2.1.5-1 of the ruby2.1 source package.

For the unstable distribution (sid), these problems have been fixed in
version 2.1.5-1 of the ruby2.1 source package.

We recommend that you upgrade your ruby1.9.1 packages.

Further information about Debian Security Advisories,...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: ruby1.9.1
CVE ID: CVE-2014-4975 CVE-2014-8080 CVE-2014-8090

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.