Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

Scientific Linux 6: SLSA-2013:1764-1 Critical: Ruby Buffer Overflow

Scientific Large Esm H446
Critical: ruby security update
Date: Tue, 3 Dec 2013 20:07:15 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: ruby on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: ruby security update
Advisory ID: SLSA-2013:1764-1
Issue Date: 2013-11-25
CVE Numbers: CVE-2013-4164
--

A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the application. (CVE-2013-4164)
--

SL6
 x86_64
 ruby-1.8.7.352-13.el6.x86_64.rpm
 ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
 ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
 ruby-devel-1.8.7.352-13.el6.i686.rpm
 ruby-devel-1.8.7.352-13.el6.x86_64.rpm
 ruby-irb-1.8.7.352-13.el6.x86_64.rpm
 ruby-libs-1.8.7.352-13.el6.i686.rpm
 ruby-libs-1.8.7.352-13.el6.x86_64.rpm
 ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm
 ruby-docs-1.8.7.352-13.el6.x86_64.rpm
 ruby-ri-1.8.7.352-13.el6.x86_64.rpm
 ruby-static-1.8.7.352-13.el6.x86_64.rpm
 ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm
 i386
 ruby-1.8.7.352-13.el6.i686.rpm
 ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
 ruby-devel-1.8.7.352-13.el6.i686.rpm
 ruby-irb-1.8.7.352-13.el6.i686.rpm
 ruby-libs-1.8.7.352-13.el6.i686.rpm
 ruby-rdoc-1.8.7.352-13.el6.i686.rpm
 ruby-docs-1.8.7.352-13.el6.i686.rpm
 ruby-ri-1.8.7.352-13.el6.i686.rpm
 ruby-static-1.8.7.352-13.el6.i686.rpm
 ruby-tcltk-1.8.7.352-13.el6.i686.rpm

- Scientific Linux Development Team