- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby: Denial of Service
Date: December 13, 2014
Bugs: #355439, #369141, #396301, #437366, #442580, #458776,
#492282, #527084, #529216
ID: 201412-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in Ruby, allowing
context-dependent attackers to cause a Denial of Service condition.
Background
=========
Ruby is an object-oriented scripting language.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/ruby < 2.0.0_p598 *>= 1.9.3_p551
>= 2.0.0_p598
Description
==========
Multiple vulnerabilities have been discovered in Ruby. Please review
the CVE identifiers referenced below for details.
Impact
=====
A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Ruby 1.9 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
All Ruby 2.0 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
References
=========
[ 1 ] CVE-2011-0188
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188
[ 2 ] CVE-2011-1004
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004
[ 3 ] CVE-2011-1005
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005
[ 4 ] CVE-2011-4815
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815
[ 5 ] CVE-2012-4481
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481
[ 6 ] CVE-2012-5371
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371
[ 7 ] CVE-2013-0269
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269
[ 8 ] CVE-2013-1821
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821
[ 9 ] CVE-2013-4164
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164
[ 10 ] CVE-2014-8080
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080
[ 11 ] CVE-2014-8090
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/glsa-201412-27.xml
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Gentoo: GLSA-201412-27: Ruby: Denial of Service
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.
Summary
Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.
Resolution
All Ruby 1.9 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
All Ruby 2.0 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
References
[ 1 ] CVE-2011-0188 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188 [ 2 ] CVE-2011-1004 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004 [ 3 ] CVE-2011-1005 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005 [ 4 ] CVE-2011-4815 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815 [ 5 ] CVE-2012-4481 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481 [ 6 ] CVE-2012-5371 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371 [ 7 ] CVE-2013-0269 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269 [ 8 ] CVE-2013-1821 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821 [ 9 ] CVE-2013-4164 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164 [ 10 ] CVE-2014-8080 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080 [ 11 ] CVE-2014-8090 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/glsa-201412-27.xml
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Severity
Severity: Normal
Title: Ruby: Denial of Service
Date: December 13, 2014
Bugs: #355439, #369141, #396301, #437366, #442580, #458776,
ID: 201412-27
Synopsis
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.
Background
Ruby is an object-oriented scripting language.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/ruby < 2.0.0_p598 *>= 1.9.3_p551 >= 2.0.0_p598
Impact
===== A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions.
Workaround
There is no known workaround at this time.
News
HOWTOs
Features
About Us
Powered By
